11155 matches found

OSV
added 2024/05/02 9:30 p.m. | 1 view

GHSA-6433-X5P4-8JC7 libxmljs vulnerable to type confusion when parsing specially crafted XML

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop a...

CVSS 9.2 | AI score 7.7 | EPSS 0.01103
Exploits: 1 | References: 4

OSV
added 2024/05/02 9:30 p.m. | 3 views

GHSA-MJR4-7XG5-PFVH libxmljs2 type confusion vulnerability when parsing specially crafted XML

libxmljs2 is vulnerable to type confusion when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop and remote code...

CVSS 9.2 | AI score 6.5 | EPSS 0.0096
Exploits: 0 | References: 4

Github Security Blog
added 2024/05/02 9:30 p.m. | 40 views

libxmljs2 type confusion vulnerability when parsing specially crafted XML

libxmljs2 is vulnerable to type confusion when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop and remote code...

CVSS 8.1 | AI score 8 | EPSS 0.0096
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2024/05/02 9:30 p.m. | 31 views

libxmljs vulnerable to type confusion when parsing specially crafted XML

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop a...

CVSS 9.8 | AI score 8 | EPSS 0.01103
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2024/05/02 7:15 p.m. | 8 views

CVE-2024-34391

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop a...

CVSS 9.8 | AI score 8.3 | EPSS 0.01103
Exploits: 1 | References: 2

NVD
added 2024/05/02 7:15 p.m. | 12 views

CVE-2024-34393

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop...

CVSS 8.1 | AI score 8.3 | EPSS 0.0096
Exploits: 0 | References: 2

OSV
added 2024/05/02 7:15 p.m. | 2 views

CVE-2024-34391

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop a...

CVSS 9.8 | AI score 8.1
Exploits: 0 | References: 2

Vulnrichment
added 2024/05/02 6:56 p.m. | 21 views

CVE-2024-34393 libxmljs2 attrs type confusion RCE

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop...

CVSS 8.1 | AI score 7.7 | EPSS 0.0096
Exploits: 0 | References: 2

CVE
added 2024/05/02 6:56 p.m. | 65 views

CVE-2024-34393

Libxmljs2 contains a type confusion vulnerability related to parsing specially crafted XML and then calling attrs() on the result of a parsed node. Affected component is the libxmljs2 XML parsing path; the underlying issue is a type confusion when attrs() is invoked on the grandchild node or resu...

CVSS 8.1 | AI score 8.2 | EPSS 0.0096
Exploits: 0 | References: 2

CVE
added 2024/05/02 6:54 p.m. | 51 views

CVE-2024-34391

Summary: CVE-2024-34391 affects libxmljs due to a type confusion when parsing specially crafted XML and calling a function on the result of attrs() on a parsed node. This can lead to severe outcomes including DoS, data leakage, infinite loops, and, on 32-bit systems with XML_PARSE_HUGE, remote co...

CVSS 9.8 | AI score 8.2 | EPSS 0.01103
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2024/05/02 2:15 p.m. | 5 views

AZL-43369 CVE-2024-30251 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

CVSS 7.5 | AI score 6.6 | EPSS 0.01085
Exploits: 0 | References: 1

OSV
added 2024/05/02 2:15 p.m. | 3 views

DEBIAN-CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

CVSS 7.5 | AI score 6.6 | EPSS 0.01085
Exploits: 0 | References: 1

OSV
added 2024/05/02 2:15 p.m. | 3 views

UBUNTU-CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

CVSS 7.5 | AI score 6.7 | EPSS 0.01085
Exploits: 0 | References: 9

OSV
added 2024/05/02 1:55 p.m. | 41 views

CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

CVSS 7.5 | AI score 6.3 | EPSS 0.01085
Exploits: 0 | References: 8

CVE
added 2024/05/02 1:55 p.m. | 333 views

CVE-2024-30251

CVE-2024-30251 affects aio-libs aiohttp. An attacker can send a specially crafted POST (multipart/form-data) request and the aiohttp server may enter an infinite loop while processing it, causing a denial of service. The issue is addressed in a patched version (3.9.4); remediation is to upgrade t...

CVSS 7.5 | AI score 6.3 | EPSS 0.01085
Exploits: 0 | References: 6 | Affected Software: 1

Positive Technologies
added 2024/05/02 12:00 a.m. | 8 views

PT-2024-3818

Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.4. Description: The issue is related to an infinite loop that occurs when the aiohttp server processes a specially crafted POST multipart/form-data request. This allows an attacker to stop the application from servi...

CVSS 7.8 | AI score 6.6 | EPSS 0.01085
Exploits: 0 | References: 62

RedHat Linux
added 2024/04/30 1:36 p.m. | 4 views

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...

CVSS 7.5 | AI score 6.7 | EPSS 0.01262
Exploits: 0 | References: 7

RedHat Linux
added 2024/04/30 10:39 a.m. | 44 views

Moderate: Red Hat Security Advisory: libtiff security update

An update for libtiff is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 6.5 | AI score 6.9 | EPSS 0.01131
Exploits: 1 | References: 7

RedHat Linux
added 2024/04/30 10:39 a.m. | 3 views

libtiff: infinite loop via a crafted TIFF file

A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service...

CVSS 6.5 | AI score 7.3 | EPSS 0.00805
Exploits: 1 | References: 4

RedHat Linux
added 2024/04/30 10:09 a.m. | 1 view

libX11: stack exhaustion from infinite recursion in PutSubImage()

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition...

CVSS 5.5 | AI score 5.7 | EPSS 0.00461
Exploits: 1 | References: 4