Lucene search
K

301 matches found

RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.7 views

undertow: potential security issue in flow control over HTTP/2 may lead to DOS

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability...

5.9CVSS7.3AI score0.01175EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/07/22 12:0 a.m.3 views

lwip 缓冲区错误漏洞

lwip is an open source TCP/IP stack implementation. lwip suffers from a buffer error vulnerability that originates in the icmp6sendresponsewithaddrsandnetif function of the git head of the Free Software Foundation version of lwIP, which allows an attacker to exploit the vulnerability via a crafte...

7.5CVSS7.5AI score0.01366EPSS
Exploits0References3
OSV
OSV
added 2021/04/22 9:15 p.m.4 views

CVE-2021-25664

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303, Nucleus NET All versions, Nucleus ReadyStart V3 All versions V2017.02.4, Nucleus ReadyStart V4 All versions V4.1.0, Nucleus Source Code All versions...

7.5CVSS5.8AI score0.01885EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/04/12 12:0 a.m.7 views

Michael gargoyle 安全漏洞

Gargoyle OS is a Web management interface for small router devices. A security vulnerability exists in Gargoyle OS version 1.12.0 that stems from a routing loop that generates excessive network traffic between an affected device and the routers of its upstream ISP when IPv6 is used. No details of...

7.5CVSS5.5AI score0.01034EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/03/16 1:41 p.m.1 views

Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
NCSC
NCSC
added 2021/02/17 12:0 a.m.10 views

Vulnerabilities fixed in OpenSSL

Vulnerabilities have been fixed in OpenSSL. The vulnerabilities allow a malicious party to remotely initiate a denial-of-service by offering a rogue certificate to to an SSL server or SSL client. When an SSL server still supports SSLv2, it is possible to inadvertently establish a connection and...

7.5CVSS9.2AI score0.50732EPSS
Exploits0
OSV
OSV
added 2020/12/11 10:15 p.m.1 views

DEBIAN-CVE-2020-13988

An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uipprocess in net/ipv4/uip.c...

7.5CVSS7.2AI score0.03912EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/11/04 12:0 a.m.31 views

RHEL 8 : librabbitmq (RHSA-2020:4445)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4445 advisory. The librabbitmq packages provide an Advanced Message Queuing Protocol AMQP client library that allows you to communicate with AMQP servers using...

9.8CVSS8.2AI score0.03317EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2020/10/14 12:0 a.m.3 views

The vulnerability of the IPv6 traffic processing service of Cisco Small Business 250 Series, Cisco Small Business 350 Series, Cisco Small Business 350X Series, and Cisco Small Business 550X Series routers allows a attacker to cause a service failure.

The vulnerability of the IPv6 traffic processing service of Cisco Small Business 250 Series, Cisco Small Business 350 Series, Cisco Small Business 350X Series, and Cisco Small Business 550X Series routers is related to IPv6 traffic processing errors. Exploiting this vulnerability can allow a...

8.6CVSS7.6AI score0.01819EPSS
Exploits0References2Affected Software4
RedHat Linux
RedHat Linux
added 2020/09/29 7:0 p.m.4 views

kernel: some ipv6 protocols not encrypted over ipsec tunnel

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...

7.5CVSS6.6AI score0.01229EPSS
Exploits0References4
0day.today
0day.today
added 2020/08/11 12:0 a.m.216 views

Travel Management System 1.0 Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Travel Management System v1.0 - Unauthenticated Remote Code Execution Exploit Author: Adeeb Shah @hyd3sec & Bobby Cooke boku Vulnerability Discovery: Adeeb Shah @hyd3sec Date: August 10, 2020 Vendor Homepage:...

7.4AI score
Exploits0
CNVD
CNVD
added 2020/08/06 12:0 a.m.3 views

Cisco StarOS Denial of Service Vulnerability (CNVD-2020-47969)

Cisco StarOS is a set of virtualization operating system of the American Cisco Cisco. An input validation error vulnerability exists in the IPv6 implementation of Cisco StarOS, which arises from the program's failure to adequately validate incoming IPv6 traffic. A remote attacker could exploit th...

6.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/07/09 12:0 a.m.36 views

SUSE SLED15 / SLES15 Security Update : freetds (SUSE-SU-2020:1417-2)

This update for freetds to 1.1.36 fixes the following issues : Security issue fixed : CVE-2019-13508: Fixed a heap overflow that could have been caused by malicious servers sending UDT types over protocol version 5.0 bsc1141132. Non-security issues fixed : Enabled Kerberos support Version update ...

9.8CVSS8.2AI score0.01781EPSS
Exploits0References4
OSV
OSV
added 2020/06/18 2:15 p.m.2 views

ALPINE-CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...

5.9CVSS6.8AI score0.12826EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/06/17 12:0 a.m.33 views

SUSE SLES15 Security Update : freetds (SUSE-SU-2020:1417-1)

This update for freetds to 1.1.36 fixes the following issues : Security issue fixed : CVE-2019-13508: Fixed a heap overflow that could have been caused by malicious servers sending UDT types over protocol version 5.0 bsc1141132. Non-security issues fixed : Enabled Kerberos support Version update ...

9.8CVSS8.2AI score0.01781EPSS
Exploits0References4
CNVD
CNVD
added 2020/06/05 12:0 a.m.8 views

MQTT Resource Management Error Vulnerability

MQTT Message Queuing Telemetry Transport is an ISO standard ISO/IEC PRF 20922 based on the Publish/Subscribe paradigm of messaging protocols, which works on the TCP/IP family of protocols, and is designed for remote devices with low hardware performance and poor network conditions. It works on th...

7.5CVSS6.9AI score0.02EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/06/01 12:0 a.m.52 views

openSUSE Security Update : freetds (openSUSE-2020-741)

This update for freetds to 1.1.36 fixes the following issues : Security issue fixed : - CVE-2019-13508: Fixed a heap overflow that could have been caused by malicious servers sending UDT types over protocol version 5.0 bsc1141132. Non-security issues fixed : - Enabled Kerberos support - Version...

9.8CVSS8.1AI score0.01781EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2020/05/29 12:0 a.m.120 views

Security update for freetds (moderate)

openSUSE Security Update: Security update for freetds Announcement ID: openSUSE-SU-2020:0741-1 Rating: moderate References: 1141132 Cross-References: CVE-2019-13508 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for freetds ...

9.8CVSS9.6AI score0.01781EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/05/18 10:24 a.m.2 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
OpenVAS
OpenVAS
added 2020/05/07 12:0 a.m.7 views

Linux: SSH RSAAuthentication

RSAAuthentication: Specifies whether pure RSA authentication is allowed. This option applies to protocol version 1 only. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5AI score
Exploits0References1
Rows per page
Query Builder