7 matches found
CVE-2024-26458
CVE-2024-26458 is documented in IBM Security Bulletins as affecting IBM Application Gateway (versions 23.10–25.09) with Kerberos 5 (krb5) 1.21.2 memory leak in /krb5/src/lib/rpc/pmap_rmt.c. IBM lists remediation: update to fixed IBM Application Gateway release and container image. Upgrading via d...
CVE-2024-26461
CVE-2024-26461 affects Kerberos 5 (krb5) 1.21.2, with a memory leak in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Several advisories (e.g., AlmaLinux ALSA-2024:3268, Astra Linux bulletin, CBLMARINER entries) confirm the issue and indicate a patched version: krb5 1.21.3-1 (or newer). The connected docu...
CVE-2024-38475
CVE-2024-38475 affects Apache HTTP Server 2.4.59 and earlier, where improper escaping of output in mod_rewrite can map URLs to filesystem locations that are served but not directly reachable, enabling remote code execution or source code disclosure. The issue also involves substitutions in server...
CVE-2024-6119
OpenSSL CVE-2024-6119 causes a denial of service when applications perform certificate name checks (e.g., TLS server name validation). The issue stems from reading an invalid memory address during name comparison (e.g., otherName in X.509) and may terminate the process. Multiple connected advisor...
CVE-2022-42915
CVE-2022-42915 affects curl. A double-free can occur in curl 7.77.0 and later when using an HTTP proxy for non-HTTP(S) URLs, if the proxy returns a non-200 status and the URL uses schemes such as dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The error/cleanup path may trigger the me...
CVE-2023-27535
CVE-2023-27535 affects libcurl
CVE-2024-53580
CVE-2024-53580 affects iperf3, with a segmentation fault triggered in iperf_exchange_parameters() in version 3.17.1. Public sources indicate the issue impacts iperf3 and is addressed in the 3.18 line (e.g., patches and advisories across Linux distributions such as Debian LTS, Amazon Linux ALAS/AL...