Vulnerabilities
Vulnerable Software
Fedoraproject:  >> Fedora  Security Vulnerabilities
Libarchive Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.879
Published
2024-04-09
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
CVSS Score
7.3
EPSS Score
0.039
Published
2024-04-04
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
CVSS Score
6.3
EPSS Score
0.029
Published
2024-04-04
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
CVSS Score
7.5
EPSS Score
0.913
Published
2024-04-04
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
CVSS Score
3.9
EPSS Score
0.007
Published
2024-04-04
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
CVSS Score
2.6
EPSS Score
0.008
Published
2024-04-04
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.
CVSS Score
7.4
EPSS Score
0.648
Published
2024-04-04
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
CVSS Score
5.3
EPSS Score
0.85
Published
2024-04-04
A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.5
EPSS Score
0.012
Published
2024-04-02
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
CVSS Score
8.2
EPSS Score
0.008
Published
2024-03-29


Contact Us

Shodan ® - All rights reserved