Lucene search
K

85 matches found

Veracode
Veracode
added 2024/05/06 6:24 a.m.23 views

Integer Overflow

uriparser is vulnerable to an Integer overflow. The vulnerability is due to insufficient input validation in ComposeQueryMallocExMm within UriQuery.c , which allows attackers to cause a Denial of service via long crafted strings...

5.9CVSS6.6AI score0.01316EPSS
Exploits0References8Affected Software2
Prion
Prion
added 2024/01/30 9:15 a.m.25 views

Code injection

An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service DoS via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about cod...

5CVSS7.5AI score0.01073EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/01/24 6:15 p.m.7 views

CVE-2023-51889

Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL...

9.8CVSS7.7AI score0.01277EPSS
Exploits1References1
CNVD
CNVD
added 2023/11/30 12:0 a.m.16 views

Mattermost Denial of Service Vulnerability (CNVD-2023-9448306)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from an inability to properly limit the characters allowed in different fields of a block in Mattermost Boards, which can be exploit...

7.5CVSS6.7AI score0.00723EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/28 1:42 a.m.31 views

CVE-2023-4397

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50W series firmware version 5.37, and USG20W-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause...

4.4CVSS5.3AI score0.00233EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.3 views

Mattermost 资源管理错误漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from an inability to properly limit the characters allowed in different fields of a block in Mattermost Boards, which can be exploit...

7.5CVSS6.6AI score0.00723EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/17 12:0 a.m.5 views

PT-2023-7251 · Zyxel · Zyxel Usg Flex Series +3

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series version 5.37 Zyxel USG FLEX series version 5.37 Zyxel USG FLEX 50W series version 5.37 Zyxel USG20W-VPN series version 5.37 Description: A buffer overflow issue in the firmware could allow an authenticated local attacker with...

4.6CVSS5.1AI score0.00233EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.3 views

SUSE CVE-2011-2724

The checkmtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the 1 device name and 2 mountpoint strings are composed of valid characters, which allows local users to cause a denial of service mtab corruption via a crafted string...

1.2CVSS7.2AI score0.00431EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:30 a.m.5 views

SUSE CVE-2018-6508

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the factertask or puppetconf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this...

8CVSS8AI score0.01906EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/08 12:0 a.m.5 views

formula 安全漏洞

formula is a math and string arithmetic library open-sourced by hapi.js. A security vulnerability exists in formula versions prior to 3.0.1, which stems from the fact that carefully crafted string input to the formula parser may result in polynomial execution time and denial of service...

6.5CVSS7.1AI score0.00611EPSS
Exploits0References4
Veracode
Veracode
added 2023/01/05 7:22 a.m.148 views

Prototype Pollution

json5 is vulnerable to prototype pollution. The vulnerability exists in the internalize function in parse.js due to not restricting keys named proto which allows an attacker to inject specially crafted strings to pollute the prototype of the resulting object...

8.8CVSS8.6AI score0.09304EPSS
Exploits1References9Affected Software7
CNVD
CNVD
added 2022/09/26 12:0 a.m.28 views

Tenda i9 formWifiMacFilterSet function buffer overflow vulnerability

Tenda i9 is an enterprise wireless AP device. tenda i9 formWifiMacFilterSet function function buffer overflow vulnerability can be exploited by attackers to cause a denial of service DoS via specially crafted strings...

7.5CVSS5.3AI score0.00756EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.3 views

Clinic‘s Patient Management System SQL注入漏洞

Clinic's Patient Management System is a patient management system for a clinic by Carlo Montero. A security vulnerability exists in Clinic's Patient Management System v1.0, which can be exploited to construct special strings for SQL injection...

9.8CVSS8.5AI score0.00754EPSS
Exploits0References2
CNVD
CNVD
added 2022/06/28 12:0 a.m.19 views

validate-color Denial of Service Vulnerability (CNVD-2022-66398 )

validate-color is a Norwegian Wallace Sidhrée personal developer for validating HTML colors. A denial of service vulnerability exists in validate-color version v2.1.0, which can be exploited to cause a Regular Expression Denial of Service ReDOS by an attacker who fails to properly handle a crafte...

7.5CVSS7.2AI score0.0112EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/20 12:0 a.m.39 views

Apache Log4j SQL Injection Vulnerability

Apache Log4j, a Java-based open source logging tool from the Apache Foundation, is vulnerable to SQL injection, which stems from a JDBCAppender in Log4j 1.2.x that accepts a SQL statement as a configuration parameter, where the value to be inserted is from the PatternLayout's converter. The messa...

9.8CVSS1.6AI score0.66537EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2022/01/05 8:0 a.m.3 views

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."

...

5.3CVSS6.7AI score0.01561EPSS
Exploits1
PyPA
PyPA
added 2021/12/17 7:15 p.m.5 views

PYSEC-2021-855

Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects...

5.3CVSS6.9AI score0.01561EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/12/17 7:15 p.m.4 views

UBUNTU-CVE-2021-34141

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...

5.3CVSS6.8AI score0.01561EPSS
Exploits1References5
Huntr
Huntr
added 2021/09/04 4:23 p.m.28 views

Inefficient Regular Expression Complexity in daaku/nodejs-tmpl

✍️ Description It allows cause a denial of service when formatting crafted string. 🕵️‍♂️ Proof of Concept // PoC.js var tmpl = require"tmpl" forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = ""+"".repeati10000+"answer"; tmplattackstr, answer: 42 var timecost = Date.now - time;...

7.8CVSS2.1AI score0.01298EPSS
Exploits1
OSV
OSV
added 2021/06/10 5:15 p.m.3 views

UBUNTU-CVE-2021-20329

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to a...

6.8CVSS7.3AI score0.00961EPSS
Exploits0References3
Rows per page
Query Builder