Lucene search
+L

74 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.2 views

SUSE CVE-2013-2135

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "$" and "%" sequences, which causes the OGNL code to be evaluated twice...

9.3CVSS9.5AI score0.13828EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:26 a.m.5 views

SUSE CVE-2014-8103

X.Org Server aka xserver and xorg-server 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service out-of-bounds read or write or possibly execute arbitrary code via a crafted length or index value to the 1 sprocdri3queryversion, 2 sprocdri3open, 3...

6.5CVSS7.8AI score0.03379EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:49 a.m.3 views

SUSE CVE-2017-6355

Integer overflow in the vrendcreateshader function in vrendrenderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service process crash via crafted pktlength and offlen values, which trigger an out-of-bounds access...

5.5CVSS6.7AI score0.0043EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2022/11/17 8:0 a.m.4 views

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan() leading to a Denial of Service.

...

5.5CVSS7.4AI score0.00412EPSS
Exploits1
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.6 views

TCL LinkHub Mesh Wi-Fi 安全漏洞

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation. A security vulnerability exists in TCL LinkHub Mesh Wi-Fi version MS1G0001.0014, which stems from a buffer overflow vulnerability in the GetValue function, where a specially crafted configured value may cause a buffer overflow...

9.8CVSS8.9AI score0.01109EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.7 views

TCL LinkHub Mesh Wi-Fi 安全漏洞

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation. A security vulnerability exists in TCL LinkHub Mesh Wi-Fi version MS1G0001.0014, which stems from a buffer overflow vulnerability in the GetValue function, where a specially crafted configured value may cause a buffer overflow...

9.8CVSS8.9AI score0.01109EPSS
Exploits1References2
OSV
OSV
added 2022/05/14 1:57 a.m.3 views

GHSA-PW8R-X2QM-3H5M Arbitrary code execution in Apache Struts 2

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "$" and "%" sequences, which causes the OGNL code to be evaluated twice...

9.3CVSS6.2AI score0.13828EPSS
Exploits0References17
Github Security Blog
Github Security Blog
added 2021/05/10 6:44 p.m.71 views

Regular Expression Denial of Service in dat.gui

All versions of package dat.gui are vulnerable to Regular Expression Denial of Service ReDoS via specifically crafted rgb and rgba values...

7.5CVSS7.3AI score0.02073EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2021/04/29 4:15 p.m.23 views

CVE-2021-25810

Cross site Scripting XSS vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'srcdportstart', 'srcdportend', and 'destport' parameters...

6.1CVSS0.01111EPSS
Exploits1References3
Prion
Prion
added 2021/04/29 4:15 p.m.18 views

Cross site scripting

Cross site Scripting XSS vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'srcdportstart', 'srcdportend', and 'destport' parameters...

4.3CVSS6AI score0.01111EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/04/29 3:44 p.m.25 views

CVE-2021-25810

Cross site Scripting XSS vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'srcdportstart', 'srcdportend', and 'destport' parameters...

6.1AI score0.01111EPSS
Exploits1References3
Prion
Prion
added 2020/06/01 2:15 p.m.20 views

Integer overflow

plxelf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PTDYNAMIC segment...

4.3CVSS5.8AI score0.00746EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/04/12 12:0 a.m.1 views

Ruby HTTP Response Separation Vulnerability

Ruby a scripting language created for simple and fast object-oriented programming object-oriented programming. Ruby has an HTTP response separation vulnerability that can be exploited by an attacker to inject constructed keys and values into the HTTP response of the WEBrick server...

5.3CVSS6.6AI score0.0576EPSS
Exploits0References1
Prion
Prion
added 2017/03/10 2:59 a.m.14 views

Integer overflow

Integer overflow in the vrendcreateshader function in vrendrenderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service process crash via crafted pktlength and offlen values, which trigger an out-of-bounds access...

2.1CVSS5.6AI score0.0043EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2016/10/05 4:59 p.m.21 views

Design/Logic Flaw

The mcffecdotx function in hw/net/mcffec.c in QEMU aka Quick Emulator does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash via vectors involving a buffer descript...

2.1CVSS6.5AI score0.00409EPSS
Exploits0References8Affected Software2
Debian CVE
Debian CVE
added 2016/10/05 4:0 p.m.48 views

CVE-2016-7908

The mcffecdotx function in hw/net/mcffec.c in QEMU aka Quick Emulator does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash via vectors involving a buffer descript...

4.4CVSS6.3AI score0.00409EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/07/08 12:0 a.m.44 views

Amazon Linux AMI : tcpdump (ALAS-2015-557)

Integer signedness error in the mobilityoptprint function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service out-of-bounds read and crash or possibly execute arbitrary code via a negative length value. CVE-2015-0261 The osiprintcksum function...

7.5CVSS8AI score0.06845EPSS
Exploits0References3
OSV
OSV
added 2014/12/09 12:0 a.m.4 views

UBUNTU-CVE-2014-8099

The XVideo extension in XFree86 4.0.0, X.Org X Window System aka X11 or X X11R6.7, and X.Org Server aka xserver and xorg-server before 1.16.3 allows remote authenticated users to cause a denial of service out-of-bounds read or write or possibly execute arbitrary code via a crafted length or index...

6.5CVSS7.5AI score0.04316EPSS
Exploits0References4
Prion
Prion
added 2014/11/04 9:55 p.m.17 views

Buffer overflow

Multiple buffer overflows in the ssd0323load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via crafted 1 cmdlen, 2 row, or 3 col values; 4 rowstart and rowend values; or 5 colstar and...

7.5CVSS8.4AI score0.04056EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2014/11/04 9:0 p.m.39 views

CVE-2013-4538

Multiple buffer overflows in the ssd0323load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via crafted 1 cmdlen, 2 row, or 3 col values; 4 rowstart and rowend values; or 5 colstar and...

7.5CVSS9AI score0.04056EPSS
Exploits0
Rows per page
Query Builder