Lucene search
K

13 matches found

NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-52986

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: don't use simplestrtoul Replace unsafe port parsing in epaddrlen, ctsipparseheaderuri, and ctsipparserequest with a new sipparseport helper that validates each digit against the buffer limit, eliminatin...

9.8CVSS0.00559EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51880

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nf conntrack sip module due to unsafe port parsing. The system used the simple strtoul function, which assumes strings are NUL-terminated, on...

9.8CVSS5.8AI score0.00559EPSS
Exploits0References11
Veracode
Veracode
added 2026/01/23 3:34 a.m.6 views

Denial-of-service (DoS)

pypdf is vulnerable to denial-of-service DoS. The vulnerability is due to improper handling of PDFs missing the /Root object with a large /Size value in non-strict parsing mode, which allows an attacker to craft an invalid PDF that triggers excessively long runtimes...

6.9CVSS5.9AI score0.00391EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/02/27 8:38 a.m.8 views

CLSA-2025-1740645491 python3.11: Fix of CVE-2023-27043

CVE-2023-27043: add a strict parsing mode to prevent incorrect address interpretation. By default, strict=True is enabled. If you need the legacy behavior, explicitly set strict=False when calling parseaddr or getaddresses - Additionally, strict parsing can be disabled globally by setting the...

5.3CVSS6.8AI score0.02507EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/02/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or...

7.5CVSS7.1AI score0.57472EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/02/08 12:0 a.m.11 views

PT-2021-6101

Name of the Vulnerable Software and Affected Versions httplib2 versions prior to 0.19.0 Description A malicious server which responds with long series of xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

7.8CVSS6.8AI score0.03876EPSS
Exploits1References51
Tenable Nessus
Tenable Nessus
added 2021/01/06 12:0 a.m.262 views

IBM HTTP Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.14 / 8.5.0.0 < 8.5.5.12 / 9.0.0.0 < 9.0.0.5 Multiple Vulnerabilities (563615)

The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities related to Apache HTTP Server, as follows: - In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modmime can read one byte past the end of a buffer when sending a malicious Content-Type...

9.8CVSS7.7AI score0.57472EPSS
Exploits4References4
Mageia
Mageia
added 2018/01/01 10:38 a.m.85 views

Updated apache packages fix security vulnerability

modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC CVE-2016-0736...

9.8CVSS0.4AI score0.94999EPSS
Exploits17References5
OSV
OSV
added 2017/10/30 2:55 p.m.26 views

SUSE-SU-2017:2907-1 Security update for apache2

This update for apache2 fixes the following issues: - Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files. bsc1052830 - Allow ECDH again in modssl, it had been incorrectly disabled with the 2.2.34 update. bsc1064561 Following security issue has...

10CVSS9.1AI score0.94999EPSS
Exploits26References17
Hacker One
Hacker One
added 2017/06/20 8:36 a.m.175 views

Internet Bug Bounty: ap_find_token() Buffer Overread

Versions Affected: httpd 2.2.32 httpd 2.4.24 unreleased httpd 2.4.25 Description: The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request...

5CVSS8.4AI score0.57472EPSS
Exploits1
OSV
OSV
added 2017/06/19 12:0 a.m.5 views

UBUNTU-CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to...

9.8CVSS7.1AI score0.57472EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2015/08/04 12:0 a.m.42 views

Debian Security Advisory DSA 3328-1 (wordpress - security update)

Several vulnerabilities have been found in Wordpress, the popular blogging engine. CVE-2015-3429 The file example.html in the Genericicons icon font package and twentyfifteen Wordpress theme allowed for cross site scripting. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been...

4.3CVSS6.6AI score0.08814EPSS
Exploits4References1
FreeBSD
FreeBSD
added 2005/01/24 12:0 a.m.34 views

squid -- possible cache-poisoning via malformed HTTP responses

The squid patches page notes: This patch makes Squid considerably stricter while parsing the HTTP protocol. A Content-length header should only appear once in a valid request or response. Multiple Content-length headers, in conjunction with specially crafted requests, may allow Squid's cache to b...

5CVSS6.4AI score0.50775EPSS
Exploits0References1
Rows per page
Query Builder