Unspecified vulnerability in Linux kernel (CNVD-2020-28265)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in Linux kernel 5.6.11 and earlier versions, which stems from sgwrite not calling sgremoverequest.An attacker could exploit this...

CVE-2007-5731

Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461...

Denial Of Service (Dos)

httpd is vulnerable to denial of service. Whitespace characters from CDATA sections are not properly removed in the davxmlgetcdata function in main/util.c, which would allow remote attackers to crash the daemon via a malicious DAV WRITE request...

Apache 2.4.x < 2.4.9 Multiple Vulnerabilities

According to its banner, the version of Apache 2.4.x running on the remote host is a version prior to 2.4.9. It is, therefore, affected by the following vulnerabilities : - A flaw exists with the 'moddav' module that is caused when tracking the length of CDATA that has leading white space. A remo...

Path Traversal

Apache Tomcat servlets-webdav is vulnerable to path traversal. A remote authenticated user is able to submit absolute file paths to read arbitrary files via a WebDAV write request which specifies an entry with a SYSTEM tag...

kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and...

kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests

The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and...

Wireshark 'profinet/packet-dcerpc-pn-io.c' Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in the 'dissectIODWriteReq' function in the...

UBUNTU-CVE-2017-9766

In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service stack exhaustion in the dissectIODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c...

CVE-2017-6899

The msmbusdbgupdaterequestwrite function in drivers/platform/msm/msmbus/msmbusdbg.c in androidkernelhuaweimsm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices, allows attackers to cause a denial of service NULL pointer dereference and device crash via a crafted...

CVE-2017-7237

The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ aka Write reque...

CVE-2016-5343

drivers/soc/qcom/qdsp6v2/voicesvc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to cause a denial of service memory corruption or possibly have unspecified other...

CVE-2015-5707

Integer overflow in the sgstartreq function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iovcount value in a write request...

CVE-2015-5707

Integer overflow in the sgstartreq function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iovcount value in a write request...

UBUNTU-CVE-2015-5707

Integer overflow in the sgstartreq function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iovcount value in a write request...

httpd: mod_dav denial of service via crafted DAV WRITE request

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

httpd: mod_dav denial of service via crafted DAV WRITE request

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

httpd: mod_dav denial of service via crafted DAV WRITE request

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

KLA10067 DoS vulnerabilities in Apache httpd

Multiple serious vulnerabilities have been found in Apache httpd. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities 1. Vectors related to modlogconfig can be exploited remotely via a specially designed cookie; 2. An improper...

DEBIAN-CVE-2013-6438

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...