Lucene search
K

199 matches found

AlpineLinux
AlpineLinux
added 2021/06/01 12:28 p.m.104 views

CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

7.7CVSS6.7AI score0.52838EPSS
Exploits10
Positive Technologies
Positive Technologies
added 2021/05/25 12:0 a.m.8 views

PT-2021-3126

Name of the Vulnerable Software and Affected Versions nginx versions 1.20.0 Description A security issue in the nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause a 1-byte memory overwrite, resulting in a worker process crash...

7.7CVSS7.9AI score0.52838EPSS
Exploits10References177
UbuntuCve
UbuntuCve
added 2021/05/25 12:0 a.m.403 views

CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

7.7CVSS7.2AI score0.52838EPSS
Exploits10References4
NVD
NVD
added 2021/05/06 5:15 p.m.17 views

CVE-2019-25043

ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header...

5.3CVSS0.01216EPSS
Exploits1References1
OSV
OSV
added 2021/05/06 5:15 p.m.4 views

DEBIAN-CVE-2019-25043

ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header...

5.3CVSS5.7AI score0.01216EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/05/06 5:15 p.m.20 views

CVE-2019-25043

ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header...

5.3CVSS6.1AI score0.01216EPSS
Exploits1References2
CVE
CVE
added 2021/05/06 4:32 p.m.46 views

CVE-2019-25043

CVE-2019-25043 affects ModSecurity 3.x prior to 3.0.4. The vulnerability arises from mishandling of key-value pair parsing, demonstrated by a string index out of range error and a worker-process crash triggered by a Cookie: =abc header. The impact is a crash/restart of workers, with no documented...

5.3CVSS5.3AI score0.01216EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/05/06 4:32 p.m.22 views

CVE-2019-25043

ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header...

5.3AI score0.01216EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2021/05/06 4:32 p.m.14 views

CVE-2019-25043

ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header...

5.3CVSS5.3AI score0.01216EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2021/05/06 12:0 a.m.4 views

PT-2021-4072 · Unknown · Modsecurity

Name of the Vulnerable Software and Affected Versions: ModSecurity versions 3.x before 3.0.4 ModSecurity version 3.0.4 is not affected, so the range can be simplified to versions prior to 3.0.4. Description: The issue is related to incorrect parsing of key-value pairs, which can lead to a "string...

5.3CVSS5.2AI score0.01216EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2020/12/10 12:0 a.m.27 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : dovecot Multiple Vulnerabilities (NS-SA-2020-0105)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has dovecot packages installed that are affected by multiple vulnerabilities: - In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used ...

8.8CVSS7AI score0.02462EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/09/25 12:0 a.m.48 views

Oracle Linux 7 : olcne / nginx (ELSA-2020-5859)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5859 advisory. - Adress CVE-2019-9511 - Adress CVE-2018-16845 - Adress CVE-2017-7529 - Adress CVE-2019-9511 - Adress CVE-2018-16845 Tenable has extracted the precedin...

8.2CVSS7.3AI score0.62597EPSS
Exploits7References4
Tenable Nessus
Tenable Nessus
added 2020/05/15 12:0 a.m.31 views

Amazon Linux AMI : dovecot (ALAS-2020-1363)

The version of dovecot installed on the remote host is prior to 2.2.36-6.19. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1363 advisory. In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker...

8.8CVSS7.1AI score0.02462EPSS
Exploits1References5
Veracode
Veracode
added 2020/04/01 12:38 a.m.29 views

Arbitrary Code Execution

dovecot is vulnerable to arbitrary code execution. A buffer overflow vulnerability in the indexer-worker process allows an attacker to execute arbitary code on the system...

8.8CVSS5.4AI score0.01178EPSS
Exploits0References18Affected Software1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.35 views

Huawei EulerOS: Security Advisory for dovecot (EulerOS-SA-2019-1644)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.9AI score0.028EPSS
Exploits0References2
0day.today
0day.today
added 2019/12/14 12:0 a.m.455 views

Roxy Fileman 1.4.5 For .NET Directory Traversal Vulnerability

Exploit for php platform in category web applications =========================== Exploit Title: Roxy Fileman 1.4.5 for .NET - Directory Traversal Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net...

0.2AI score0.11617EPSS
Exploits5
OPENSUSE Linux
OPENSUSE Linux
added 2019/09/30 12:0 a.m.103 views

Security update for varnish (moderate)

openSUSE Security Update: Security update for varnish Announcement ID: openSUSE-SU-2019:2221-1 Rating: moderate References: 1149382 Cross-References: CVE-2019-15892 Affected Products: openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that fixes one vulnerability is now available...

7.8CVSS7.5AI score0.05789EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/09/26 12:0 a.m.32 views

openSUSE Security Update : varnish (openSUSE-2019-2184)

This update for varnish fixes the following issues : Security issue fixed : - CVE-2019-15892: Fixed a potential denial of service by sending crafted HTTP/1 requests boo1149382. Non-security issues fixed : - Updated the package to release 6.2.1. - Added a thread pool watchdog which will restart th...

7.8CVSS7.1AI score0.05789EPSS
Exploits0References2
MSRC
MSRC
added 2019/09/11 7:0 a.m.8 views

Attacking the VM Worker Process

In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. W...

7AI score
Exploits0
MSRC
MSRC
added 2019/09/11 7:0 a.m.13 views

Attacking the VM Worker Process

In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. W...

1.6AI score
Exploits0
Rows per page
Query Builder