CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

271 matches found

Veracode•added 2022/07/25 12:47 p.m.•37 views

Denial Of Service (DoS)

go is vulnerable to Denial Of Service DoS. The vulnerable exists in globWithLimit and Glob functions in glob.go because the the number of path separators allowed by an input to Glob is not separated which allows an attacker to cause an application crash...

7.5CVSS7.7AI score0.01618EPSS

Exploits0References10Affected Software18

OSV•added 2022/07/20 8:52 p.m.•24 views

GO-2022-0527 Stack exhaustion in Glob on certain paths in io/fs

Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion...

7.5CVSS7.8AI score0.01618EPSS

Exploits0References4

RedhatCVE•added 2022/07/15 7:6 a.m.•35 views

CVE-2022-30630

A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability...

7.5CVSS4.4AI score0.01618EPSS

Exploits0References5

IBM Security Bulletins•added 2022/06/15 7:7 p.m.•55 views

Security Bulletin: Pip as used by IBM QRadar Advisor With Watson is vulnerable to multiple vulnerabilities (CVE-2019-20916, CVE-2021-3572, CVE-2018-20225)

Summary Pip as used by IBM QRadar Advisor With Watson to manage python packages is vulnerable to multiple vulnerabilities. IBM QRadar Advisor With Watson has addressed the applicable CVEs by updating pip. Vulnerability Details CVEID: CVE-2019-20916 DESCRIPTION: pypa pip package for python could...

7.8CVSS1.1AI score0.03003EPSS

Exploits3Affected Software1

OSV•added 2022/06/02 2:15 p.m.•2 views

AZL-9909 CVE-2022-27780 affecting package curl for versions less than 7.83.1-1

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...

7.5CVSS6.7AI score0.02187EPSS

Exploits1References1

Cvelist•added 2022/06/01 12:0 a.m.•24 views

CVE-2022-27780

7.7AI score0.02187EPSS

Exploits1References3

OSV•added 2022/05/19 2:7 p.m.•7 views

USN-4961-2 python-pip vulnerability

USN-4961-1 fixed a vulnerability in pip. This update provides the corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Original advisory details: It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use...

5.7CVSS6.8AI score0.01687EPSS

Exploits2References2

curl security advisories•added 2022/05/11 8:0 a.m.•3 views

percent-encoded path separator in URL host

The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the hostname part of a URL, making it a different URL using the wrong hostname when it is later retrieved. For example, a URL like http://example.com%2F10.0.0.1/, would be allowed by the parser and get...

7.5CVSS6.7AI score0.02187EPSS

Exploits1References1Affected Software2

OSV•added 2022/05/11 12:0 a.m.•2 views

UBUNTU-CVE-2022-27780

7.5CVSS6.8AI score0.02187EPSS

Exploits1References4

CNNVD•added 2022/05/11 12:0 a.m.•1 views

curl 代码问题漏洞

curl is a tool used to transfer data from or to a server. A code issue vulnerability exists in curl, which arises from the URL parser incorrectly accepting percentage-encoded URL separators when decoding the hostname portion of a URL...

7.5CVSS6.9AI score0.02187EPSS

Exploits1References15

Microsoft CVE•added 2022/04/09 7:0 a.m.•4 views

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

...

5.7CVSS7.3AI score0.01687EPSS

Exploits2

Tenable Nessus•added 2022/03/31 12:0 a.m.•38 views

SUSE SLES12 Security Update : python3 (SUSE-SU-2022:1044-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1044-1 advisory. - A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue...

5.7CVSS7.1AI score0.01687EPSS

Exploits2References4

RedHat Linux•added 2022/03/28 9:49 a.m.•2 views

expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...

9.8CVSS7.3AI score0.33936EPSS

Exploits0References5

Tenable Nessus•added 2022/03/25 12:0 a.m.•32 views

openSUSE 15 Security Update : python3 (openSUSE-SU-2022:0942-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0942-1 advisory. - A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to...

5.7CVSS7.1AI score0.01687EPSS

Exploits2References4

RedHat Linux•added 2022/03/16 4:21 p.m.•1 views

expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

9.8CVSS7.3AI score0.33936EPSS

Exploits0References5

RedHat Linux•added 2022/03/14 10:48 a.m.•2 views

expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

9.8CVSS7.3AI score0.33936EPSS

Exploits0References5

RedHat Linux•added 2022/03/14 10:7 a.m.•3 views

expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution