CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2025/06/23 12:0 a.m.•2 views

Amazon Linux 2 : runc (ALASDOCKER-2025-068)

The version of runc installed on the remote host is prior to 1.2.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-068 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...

9.1CVSS7AI score0.00294EPSS

Amazon•added 2025/06/23 12:0 a.m.•3 views

Important: runc

9.1CVSS9.6AI score0.00294EPSS

Tenable Nessus•added 2025/06/23 12:0 a.m.•4 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1040)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1040 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...

Tenable Nessus•added 2025/06/23 12:0 a.m.•4 views

Amazon Linux 2 : runc (ALASECS-2025-068)

The version of runc installed on the remote host is prior to 1.2.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-068 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...

9.1CVSS7AI score0.00294EPSS

Tenable Nessus•added 2025/06/23 12:0 a.m.•3 views

Amazon Linux 2023 : runc (ALAS2023-2025-1041)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1041 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...

Tenable Nessus•added 2025/06/12 12:0 a.m.•3 views

Amazon Linux 2023 : cni-plugins (ALAS2023-2025-1012)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1012 advisory. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...

9.8CVSS6.8AI score0.00294EPSS

Exploits0References6

Amazon•added 2025/06/12 12:0 a.m.•2 views

Important: cni-plugins

9.1CVSS7.2AI score0.00294EPSS

Amazon•added 2025/06/11 12:0 a.m.•2 views

Important: containerd

Amazon•added 2025/06/10 12:0 a.m.•3 views

Important: cni-plugins

9.1CVSS9.6AI score0.00294EPSS

OSV•added 2025/06/06 2:4 p.m.•1 views

OESA-2025-1611 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...

7.5CVSS6.9AI score0.01011EPSS

Exploits1References2

Amazon•added 2025/06/02 12:0 a.m.•10 views

Important: runfinch-finch

9.1CVSS7.6AI score0.00294EPSS

Tenable Nessus•added 2025/06/02 12:0 a.m.•9 views

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2025-978)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-978 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...

Debian•added 2025/05/29 7:18 a.m.•7 views

[SECURITY] [DLA 4187-1] varnish security update

Debian LTS Advisory DLA-4187-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 28, 2025 https://wiki.debian.org/LTS Package : varnish Version : 6.5.1-1+deb11u5 CVE ID : CVE-2025-47905 A client-side desync vulnerability can be triggered in Varnish, a...

5.4CVSS6.3AI score0.0029EPSS

Tenable Nessus•added 2025/05/29 12:0 a.m.•4 views

Amazon Linux 2 : nerdctl (ALAS-2025-2863)

The version of nerdctl installed on the remote host is prior to 2.0.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2863 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a...

9.1CVSS7.3AI score0.00294EPSS

Exploits0References6

Tenable Nessus•added 2025/05/29 12:0 a.m.•5 views

Debian dla-4187 : libvarnishapi-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4187 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4187-1 [email protected] https://www.debian.org/lts/security/...

5.4CVSS6.1AI score0.0029EPSS

Tenable Nessus•added 2025/05/29 12:0 a.m.•5 views

Amazon Linux 2 : oci-add-hooks (ALASNITRO-ENCLAVES-2025-061)

The version of oci-add-hooks installed on the remote host is prior to 0-0.3.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-061 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid...

9.1CVSS7AI score0.00294EPSS

RedhatCVE•added 2025/05/22 5:54 p.m.•4 views

CVE-2020-7659

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...

7.5CVSS6.8AI score0.00095EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:10 p.m.•3 views

CVE-2020-35884

An issue was discovered in the tinyhttp crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header...

6.5CVSS6.8AI score0.00239EPSS