Azat Khuzhin

6 exploits Active since Mar 2017
CVE-2016-10195 WRITEUP CRITICAL WRITEUP
libevent < 2.1.6-beta - Out-of-bounds Read in evdns.c name_parse Function
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
CVSS 9.8
CVE-2016-10196 WRITEUP HIGH WRITEUP
Debian Linux < 2.1.5 - Out-of-Bounds Write
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
CVSS 7.5
CVE-2016-10197 WRITEUP HIGH WRITEUP
Debian Linux < 2.1.5 - Out-of-Bounds Read
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
CVSS 7.5
CVE-2016-10195 WRITEUP CRITICAL WRITEUP
libevent < 2.1.6-beta - Out-of-bounds Read in evdns.c name_parse Function
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
CVSS 9.8
CVE-2016-10196 WRITEUP HIGH WRITEUP
Debian Linux < 2.1.5 - Out-of-Bounds Write
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
CVSS 7.5
CVE-2019-18657 WRITEUP MEDIUM WRITEUP
ClickHouse <19.13.5.44 - HTTP Header Injection
ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.
CVSS 5.3