Lucene search
+L

268 matches found

OSV
OSV
added 2021/10/05 4:15 p.m.3 views

CVE-2021-35492

Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this...

6.5CVSS5.8AI score0.03284EPSS
Exploits1References3
Prion
Prion
added 2021/10/05 4:15 p.m.18 views

Design/Logic Flaw

Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this...

4CVSS6.5AI score0.03284EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/06/02 2:15 p.m.1 views

DEBIAN-CVE-2021-3546

An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIOGPUCMDGETCAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on t...

8.2CVSS6.7AI score0.00463EPSS
Exploits0References1
OSV
OSV
added 2021/03/15 10:17 p.m.11 views

USN-4834-1 prosody vulnerability

It was discovered that Prosody incorrectly validated the virtual host associated with a user session across stream restarts. A remote attacker could use this issue to gain unintended access to resources...

8.8CVSS6.7AI score0.01657EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2021/03/15 10:17 p.m.27 views

USN-4834-1: Prosody vulnerability

It was discovered that Prosody incorrectly validated the virtual host associated with a user session across stream restarts. A remote attacker could use this issue to gain unintended access to resources...

8.8CVSS6.7AI score0.01657EPSS
Exploits0
Hacker One
Hacker One
added 2021/02/09 6:35 a.m.11 views

Kartpay: Host Header Injection

Summary: Hello Team, While performing security testing on your Main Domain, I found a Host Header Injection Vulnerability. Vulnerability Description: An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multip...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/11/04 1:55 a.m.4 views

dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...

7.7CVSS7.2AI score0.02213EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2020/09/25 7:0 a.m.5 views

A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest under specific conditions can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable.

...

7CVSS7AI score0.00561EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2020/06/23 2:27 p.m.6 views

dpdk: librte_vhost Integer overflow in vhost_user_set_log_base()

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhostusersetlogbase could result in a smaller memory map than requested, possibly allowing memory corruption...

6.7CVSS7.2AI score0.00378EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/05/26 2:33 p.m.6 views

dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

6.7CVSS7.1AI score0.00378EPSS
Exploits0References6
OSV
OSV
added 2020/05/19 7:15 p.m.7 views

AZL-38845 CVE-2020-10722 affecting package ceph for versions less than 18.2.2-1

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhostusersetlogbase could result in a smaller memory map than requested, possibly allowing memory corruption...

6.7CVSS6.9AI score0.00378EPSS
Exploits0References1
OSV
OSV
added 2020/05/18 3:0 p.m.3 views

UBUNTU-CVE-2020-10722

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhostusersetlogbase could result in a smaller memory map than requested, possibly allowing memory corruption...

6.7CVSS6.9AI score0.00378EPSS
Exploits0References3
Veracode
Veracode
added 2020/04/10 1:6 a.m.22 views

Authorization Bypass

modcluster is vulnerable to authorization bypass. The vulnerability exists as it was found that modcluster allowed worker nodes to register on any virtual host vhost, regardless of the security constraints applied to other vhosts. In a typical environment, there will be one vhost configured...

7.5CVSS2.7AI score0.03197EPSS
Exploits1References18Affected Software2
Veracode
Veracode
added 2020/04/10 12:31 a.m.31 views

Authorization Bypass

php is vulnerable to authorization bypass. A flaw was found in the handling of the "mbstring.funcoverload" configuration setting. A value set for one virtual host, or in a user's .htaccess file, was incorrectly applied to other virtual hosts on the same server, causing the handling of multibyte...

2.1CVSS1.9AI score0.00948EPSS
Exploits2References19Affected Software1
OSV
OSV
added 2019/11/22 11:15 p.m.3 views

DEBIAN-CVE-2019-11291

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...

4.8CVSS4.9AI score0.00796EPSS
Exploits0References1
OSV
OSV
added 2019/10/16 4:15 p.m.8 views

UBUNTU-CVE-2019-11281

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user...

4.8CVSS5.6AI score0.01165EPSS
Exploits0References3
Kitploit
Kitploit
added 2019/10/16 12:32 p.m.927 views

Gobuster v3.0 - Directory/File, DNS And VHost Busting Tool Written In Go

Gobuster is a tool used to brute-force: URIs directories and files in web sites. DNS subdomains with wildcard support. Virtual Host names on target web servers. Oh dear God.. WHY!? Because I wanted: 1. ... something that didn't have a fat Java GUI console FTW. 2. ... to build something that just...

7.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/10/15 12:0 a.m.5 views

PT-2019-6097 · Pivotal +2 · Rabbitmq +1

Name of the Vulnerable Software and Affected Versions: Pivotal RabbitMQ versions prior to 3.7.18 RabbitMQ for PCF versions 1.15.x prior to 1.15.13 RabbitMQ for PCF versions 1.16.x prior to 1.16.6 RabbitMQ for PCF versions 1.17.x prior to 1.17.3 Description: The issue is related to incorrect user...

7.8CVSS5.1AI score0.04519EPSS
Exploits1References37
RedhatCVE
RedhatCVE
added 2019/01/25 4:19 p.m.45 views

CVE-2018-16880

A flaw was found in the Linux kernel's handlerx function in the vhostnet driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the...

7CVSS1.9AI score0.00561EPSS
Exploits0References2
Qualys Blog
Qualys Blog
added 2019/01/22 8:6 p.m.314 views

Qualys Cloud Platform (VM, PC) 8.16 New Features

This new release of the Qualys Cloud Platform VM, PC, version 8.16, contains several new improvements in Qualys Vulnerability Management and Qualys Policy Compliance, which includes new password security option, increased limit for virtual hosts that can be added to a subscription, added support...

7.6AI score
Exploits0
Rows per page
Query Builder