Lucene search
K

301 matches found

CNNVD
CNNVD
added 2023/04/24 12:0 a.m.2 views

RIOT RIOT-OS 代码问题漏洞

RIOT-OS is an operating system that supports IoT devices and contains a network stack capable of handling 6LoWPAN frames. A denial of service vulnerability exists in versions of RIOT-OS prior to 2022.10, which can be exploited by an attacker to launch a denial of service attack...

7.5CVSS6.6AI score0.01212EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2023/03/29 11:43 a.m.5 views

undertow: Server identity in https connection is not checked by the undertow client

A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step that should at least be performed by default in HTTPS and in http/2...

7.5CVSS5.7AI score0.00596EPSS
Exploits0References4
OSV
OSV
added 2023/03/23 5:15 p.m.1 views

CVE-2023-20081

A vulnerability in the IPv6 DHCP DHCPv6 client module of Cisco Adaptive Security Appliance ASA Software, Cisco Firepower Threat Defense FTD Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an...

5.9CVSS6.2AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.3 views

SUSE CVE-2009-0478

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in 1 HttpMsg.c and 2 HttpStatusLine.c...

5CVSS6.8AI score0.71986EPSS
Exploits8References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.3 views

SUSE CVE-2015-1465

The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update RCU grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service memory consumption or system crash via a flood of...

7.8CVSS6.5AI score0.06511EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.3 views

SUSE CVE-2015-8787

The nfnatredirectipv4 function in net/netfilter/nfnatredirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured...

10CVSS6.9AI score0.09235EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.2 views

SUSE CVE-2019-0196

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

5CVSS6.5AI score0.193EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.2 views

SUSE CVE-2019-10081

HTTP/2 2.4.20 through 2.4.39 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client...

5.3CVSS7.8AI score0.14563EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.8 views

SUSE CVE-2022-3435

A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fibnhmatch of the file net/ipv4/fibsemantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to appl...

5.3CVSS6.7AI score0.03651EPSS
Exploits0References28
RedHat Linux
RedHat Linux
added 2022/11/28 8:47 p.m.1 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02513EPSS
Exploits0References6
Cvelist
Cvelist
added 2022/11/16 12:0 a.m.20 views

CVE-2022-39317 Out of bounds read in zgfx decoder in FreeRDP

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in versio...

4.6CVSS5.6AI score0.00627EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/04 12:0 a.m.3 views

Contiki-NG 安全漏洞

Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A security vulnerability exists in Contiki-NG 4.7 and earlier versions, which stems from a buffer overflow that could be caused when an attacker copies an IPv6 address prefix in the...

8.1CVSS8AI score0.01025EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2022/06/09 7:0 a.m.5 views

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S) IMAP(S) POP3(S) and LDAP(S) (openldap only).

...

8.1CVSS6.8AI score0.01914EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2022/06/01 12:0 a.m.5 views

CVE-2022-27775

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead...

6.8AI score0.02794EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/05/04 12:0 a.m.130 views

Server Message Block (SMB) Protocol Version Detection

The Server Message Block SMB Protocol provides shared access to files and printers across nodes on a network. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid160486; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/05/04";...

5.4AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/04/12 7:6 p.m.1 views

undertow: client side invocation timeout raised when calling over HTTP2

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

7.5CVSS5.7AI score0.01287EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2014-0416)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS5.4AI score0.99999EPSS
Exploits7References5
ATTACKERKB
ATTACKERKB
added 2022/01/12 5:0 p.m.5 views

CVE-2022-22155

An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator FPC of an ACX5448 router. The continuous flapping of an IPv6 neighbor with...

6.5CVSS6.6AI score0.00402EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/01/01 5:15 a.m.0 views

DEBIAN-CVE-2021-44716

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

7.5CVSS6.2AI score0.03958EPSS
Exploits0References1
OSV
OSV
added 2022/01/01 5:15 a.m.5 views

AZL-33638 CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.7.10-19

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

7.5CVSS6.6AI score0.03958EPSS
Exploits0References1
Rows per page
Query Builder