85 matches found
Integer Overflow
uriparser is vulnerable to an Integer overflow. The vulnerability is due to insufficient input validation in ComposeQueryMallocExMm within UriQuery.c , which allows attackers to cause a Denial of service via long crafted strings...
Code injection
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service DoS via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about cod...
CVE-2023-51889
Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL...
Mattermost Denial of Service Vulnerability (CNVD-2023-9448306)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from an inability to properly limit the characters allowed in different fields of a block in Mattermost Boards, which can be exploit...
CVE-2023-4397
A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50W series firmware version 5.37, and USG20W-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause...
Mattermost 资源管理错误漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from an inability to properly limit the characters allowed in different fields of a block in Mattermost Boards, which can be exploit...
PT-2023-7251 · Zyxel · Zyxel Usg Flex Series +3
Name of the Vulnerable Software and Affected Versions: Zyxel ATP series version 5.37 Zyxel USG FLEX series version 5.37 Zyxel USG FLEX 50W series version 5.37 Zyxel USG20W-VPN series version 5.37 Description: A buffer overflow issue in the firmware could allow an authenticated local attacker with...
SUSE CVE-2011-2724
The checkmtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the 1 device name and 2 mountpoint strings are composed of valid characters, which allows local users to cause a denial of service mtab corruption via a crafted string...
SUSE CVE-2018-6508
Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the factertask or puppetconf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this...
formula 安全漏洞
formula is a math and string arithmetic library open-sourced by hapi.js. A security vulnerability exists in formula versions prior to 3.0.1, which stems from the fact that carefully crafted string input to the formula parser may result in polynomial execution time and denial of service...
Prototype Pollution
json5 is vulnerable to prototype pollution. The vulnerability exists in the internalize function in parse.js due to not restricting keys named proto which allows an attacker to inject specially crafted strings to pollute the prototype of the resulting object...
Tenda i9 formWifiMacFilterSet function buffer overflow vulnerability
Tenda i9 is an enterprise wireless AP device. tenda i9 formWifiMacFilterSet function function buffer overflow vulnerability can be exploited by attackers to cause a denial of service DoS via specially crafted strings...
Clinic‘s Patient Management System SQL注入漏洞
Clinic's Patient Management System is a patient management system for a clinic by Carlo Montero. A security vulnerability exists in Clinic's Patient Management System v1.0, which can be exploited to construct special strings for SQL injection...
validate-color Denial of Service Vulnerability (CNVD-2022-66398 )
validate-color is a Norwegian Wallace Sidhrée personal developer for validating HTML colors. A denial of service vulnerability exists in validate-color version v2.1.0, which can be exploited to cause a Regular Expression Denial of Service ReDOS by an attacker who fails to properly handle a crafte...
Apache Log4j SQL Injection Vulnerability
Apache Log4j, a Java-based open source logging tool from the Apache Foundation, is vulnerable to SQL injection, which stems from a JDBCAppender in Log4j 1.2.x that accepts a SQL statement as a configuration parameter, where the value to be inserted is from the PatternLayout's converter. The messa...
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."
...
PYSEC-2021-855
Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects...
UBUNTU-CVE-2021-34141
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...
Inefficient Regular Expression Complexity in daaku/nodejs-tmpl
✍️ Description It allows cause a denial of service when formatting crafted string. 🕵️♂️ Proof of Concept // PoC.js var tmpl = require"tmpl" forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = ""+"".repeati10000+"answer"; tmplattackstr, answer: 42 var timecost = Date.now - time;...
UBUNTU-CVE-2021-20329
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to a...