Lucene search
K

255 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.3 views

SUSE CVE-2006-20001

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

7.5CVSS7AI score0.03546EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 5:33 a.m.3 views

SUSE CVE-2013-6954

The pngdoexpandpalette function in libpng before 1.6.8 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via 1 a PLTE chunk of zero bytes or 2 a NULL palette, related to pngrtran.c and pngset.c...

6.5CVSS8.8AI score0.04692EPSS
Exploits1References13
SUSE CVE
SUSE CVE
added 2023/02/15 5:27 a.m.4 views

SUSE CVE-2014-5120

gdctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the 1 imagegd, 2 imagegd2, 3 imagegif, 4 imagejpeg, 5...

6.4CVSS7.3AI score0.16934EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:27 a.m.4 views

SUSE CVE-2014-5355

MIT Kerberos 5 aka krb5 through 1.13.1 incorrectly expects that a krb5readmessage data field is represented as a string ending with a '\0' character, which allows remote attackers to 1 cause a denial of service NULL pointer dereference via a zero-byte version string or 2 cause a denial of service...

5CVSS6.9AI score0.04587EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:20 a.m.3 views

SUSE CVE-2015-2694

The kdcpreauth modules in MIT Kerberos 5 aka krb5 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing 1 zero bytes of data or 2 an arbitrary realm name,...

5.8CVSS7.1AI score0.02838EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.3 views

SUSE CVE-2016-8646

The hashaccept function in crypto/algifhash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service OOPS by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data...

5.5CVSS7.2AI score0.00426EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:55 a.m.4 views

SUSE CVE-2016-9448

The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service NULL pointer dereference and crash by setting the tags TIFFSETGETC16ASCII or TIFFSETGETC32ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix f...

7.5CVSS7AI score0.04975EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.2 views

SUSE CVE-2017-1000257

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size zero to the deliver-data function. libcurl's deliver-data function treats zero as a mag...

4.8CVSS7.1AI score0.06224EPSS
Exploits0References21
SUSE CVE
SUSE CVE
added 2023/02/15 3:30 a.m.4 views

SUSE CVE-2022-4450

The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

5.9CVSS7.4AI score0.20444EPSS
Exploits0References77
Positive Technologies
Positive Technologies
added 2023/02/09 12:0 a.m.3 views

PT-2023-32971 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 1.1.0 Description: A double-free issue exists where a malicious PEM file with 0 bytes of payload data can cause a crash when parsed. This occurs because the file points to already freed memory, which when freed again...

7AI score
Exploits0References6
OSV
OSV
added 2023/02/08 8:15 p.m.1 views

ALPINE-CVE-2022-4450

The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

7.5CVSS7.4AI score0.20444EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/20 12:0 a.m.5 views

PT-2023-6757 · Apache +4 · Apache +4

Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.9.7 Description: The issue is related to errors in security settings of the WAF engine for Apache ModSecurity. It may allow a remote attacker to bypass existing firewall rules. The problem also involves incorre...

9.8CVSS7.6AI score0.03206EPSS
Exploits2References51
OSV
OSV
added 2022/08/31 8:15 p.m.5 views

CVE-2022-1841

In subsys/net/ip/tcp.c , function tcpflags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero...

5.3CVSS5.5AI score0.00497EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/05/10 2:18 p.m.3 views

httpd: Single zero byte stack overflow in mod_auth_digest

A flaw was found in Apache httpd. The modauthdigest has a single zero byte stack overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.3CVSS7.3AI score0.53191EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/11/10 5:20 p.m.6 views

httpd: Single zero byte stack overflow in mod_auth_digest

A flaw was found in Apache httpd. The modauthdigest has a single zero byte stack overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.3CVSS7.3AI score0.53191EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/11/10 5:14 p.m.4 views

httpd: Single zero byte stack overflow in mod_auth_digest

A flaw was found in Apache httpd. The modauthdigest has a single zero byte stack overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.3CVSS7.3AI score0.53191EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2021/10/27 12:0 a.m.4 views

The vulnerability of the library for reading, creating, and editing DjVu files, DjVuLibre, is related to reading data beyond the allowed buffer limits, allowing an intruder to cause a service failure.

The vulnerability of the library for viewing, creating, and editing DjVu files in DjVuLibre is related to the lack of checks for zero bytes. Exploiting this vulnerability could allow a malicious actor to cause service failures...

6.5CVSS6AI score0.01573EPSS
Exploits1References9Affected Software3
OpenVAS
OpenVAS
added 2021/06/07 12:0 a.m.8 views

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1961)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.04328EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/06/02 12:0 a.m.3 views

EasyApache 缓冲区错误漏洞

Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. Apache HTTP Server is vulnerable to a per-zero-byte stack overflow in modauthdigest, which can be exploited to trigger remote code execution or...

7.3CVSS6.5AI score0.53191EPSS
Exploits0References30
OSV
OSV
added 2021/05/12 3:15 p.m.1 views

ALPINE-CVE-2020-27840

A flaw was found in samba. Spaces used in a string around a domain name DN, while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability...

7.5CVSS6.6AI score0.03833EPSS
Exploits0References1
Rows per page
Query Builder