158 matches found
UBUNTU-CVE-2025-6170
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare...
CVE-2025-6170
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare...
PT-2025-37210
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A buffer overflow issue was identified in the add tuning control function within the ALSA subsystem. The sprintf function call could exceed the allocated buffer size of 44 bytes if the...
PT-2025-6712 · Effectmatrix · Effectmatrix Total Video Converter Command Line
Name of the Vulnerable Software and Affected Versions: Effectmatrix Total Video Converter Command Line TVCC version 2.50 Description: A stack-based buffer overflow issue exists when an overly long string is passed to the -f parameter. This can lead to memory corruption, potentially allowing...
PHP 安全漏洞
PHP is a scripting language in which PHP is executed server-side. A security vulnerability exists in PHP. An attacker who exploits this vulnerability can cause an integer overflow by entering an uncontrolled long string into the ldapescape function, resulting in an out-of-bounds write. The...
PT-2024-30542 · Fugit +1 · Fugit +1
Name of the Vulnerable Software and Affected Versions: fugit versions prior to 1.11.1 Description: The fugit "natural" parser, which turns natural language into cron expressions, accepted any length of input and attempted to parse it without returning promptly. This could cause the parse call to...
The vulnerability of the Range header analysis component in the module interface between web servers and web applications in Rack architecture allows a attacker to cause a service failure.
The vulnerability of the Range header analysis component in the module interface between web servers and web applications in Rack relates to the processing of input data, which can take an unexpected amount of time. Exploiting this vulnerability may allow a malicious actor to cause service failur...
USN-6674-1 python-django vulnerability
Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service...
SUSE CVE-2024-26134
cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR RFC 8949 serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a...
PT-2024-20220 · Eserver · Ezserver
Name of the Vulnerable Software and Affected Versions: EzServer version 6.4.017 Description: The issue allows a denial of service daemon crash via a long string, such as one for the RNTO command. Recommendations: For EzServer version 6.4.017, consider restricting the length of input strings to...
CVE-2023-46402
A flaw was found in the git-urls package. This issue occurs when a long input is provided inside the directory path of the git url. This could lead to loading delays or a regular expression denial of service...
Design/Logic Flaw
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service loss of communication...
SUSE CVE-2009-0148
Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as 1 source-code tokens and 2 pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541...
SUSE CVE-2010-1634
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service application crash via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a...
SUSE CVE-2012-5959
Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN aka uuid field within a...
SUSE CVE-2013-0223
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function...
SUSE CVE-2022-31631
In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, 8.2. before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...
Denial Of Service (DoS)
go:edge is vulnerable to Denial Of Service DoS. A malicious user is able to cause an application to crash via long scalar input...
CVE-2021-24893
The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated...
CVE-2021-23424
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...