Lucene search
K

238 matches found

RedHat Linux
RedHat Linux
added 2022/09/08 11:31 a.m.18 views

moment: inefficient parsing algorithm resulting in DoS

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...

7.5CVSS6.8AI score0.03949EPSS
Exploits1References5
OSV
OSV
added 2022/07/18 7:24 p.m.3 views

CLSA-2022-1658172267 Fix CVE(s): CVE-2022-2206, CVE-2022-2257, CVE-2022-2286, CVE-2022-2285, CVE-2022-2284, CVE-2022-2287, CVE-2022-2264

SECURITY UPDATE: Out-of-bound read in function msgouttransattr - debian/patches/CVE-2022-2206.patch: Adjust cmdlinerow and msgrow to the value of Rows. - CVE-2022-2206 SECURITY UPDATE: Heap-based buffer overflow in function utfcptr2len - debian/patches/CVE-2022-2284.patch: Stop Visual mode when...

8CVSS6.9AI score0.01363EPSS
Exploits7References1
OSV
OSV
added 2022/07/18 7:18 p.m.5 views

CLSA-2022-1658171898 Fixed 7 CVEs in vim

CVE-2022-2206: adjust cmdlinerow and msgrow to the value of Rows - CVE-2022-2284: stop visual mode when closing a window - CVE-2022-2285: put a NUL after the typeahead - CVE-2022-2286: check the length of the string - CVE-2022-2287: disallow adding a word with control characters or a trailing...

8CVSS7.2AI score0.01363EPSS
Exploits7References1
NVD
NVD
added 2022/07/17 11:15 p.m.15 views

CVE-2022-31209

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy without checking the string length beforehand...

10CVSS0.01168EPSS
Exploits1References1
Hacker One
Hacker One
added 2022/07/15 5:47 p.m.9 views

MTN Group: String length restriction byepass at https://callerfeel.mtnonline.com/profile/feedback.html

Summary: Hi, hope you are well : I found that the attacker can bye pass the lenght restriction of user name at the feedback form Steps To Reproduce: F1823237 Impact Attacker can make the receiver page to delay and can cause application level dos Mitigation: Restrict the lenght of the string in...

Exploits0
NVD
NVD
added 2022/06/14 10:15 a.m.17 views

CVE-2021-35100

Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

7.8CVSS0.00568EPSS
Exploits0References1
Prion
Prion
added 2022/06/14 10:15 a.m.24 views

Buffer overflow

Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

7.8CVSS7.6AI score0.00568EPSS
Exploits0References1
CVE
CVE
added 2022/06/14 10:11 a.m.89 views

CVE-2021-35100

CVE-2021-35100 is a buffer over-read in Qualcomm Snapdragon components caused by improper calculation of string length when parsing Id3 tags. Affected products include Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables. The vulnerability ste...

7.8CVSS7.6AI score0.00568EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/14 10:11 a.m.21 views

CVE-2021-35100

Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

7.5CVSS7.8AI score0.00568EPSS
Exploits0References1
Prion
Prion
added 2021/09/09 12:15 p.m.16 views

Heap overflow

A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the ArkDigPathA function parsed a file path. This vulnerability is due to missing support for string length check...

6.8CVSS7.7AI score0.00643EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/09/09 11:16 a.m.48 views

CVE-2021-26603

CVE-2021-26603 describes a heap overflow in Bandisoft’s ARK library caused by Ark_DigPathA parsing a file path without proper string length checks. The issue affects the ARK library and is documented with multiple sources (NVD, Red Hat, CVE lists). The vulnerability is described as a heap overflo...

8.6CVSS7.9AI score0.00643EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/09/09 11:16 a.m.22 views

CVE-2021-26603 bandisoft ARK library heap overflow vulnerability

A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the ArkDigPathA function parsed a file path. This vulnerability is due to missing support for string length check...

8.6CVSS8.8AI score0.00643EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/09 12:0 a.m.6 views

Bandisoft ARK library 缓冲区错误漏洞

Bandisoft ARK library is a Korean Bandisoft library for decompressing most of the existing compression formats such as ZIP, RAR, ALZ, EGG, etc. in various OS environments such as Windows, macOS, Linux, etc. and creating compressed files in ZIP/7Z format. A buffer error vulnerability exists in the...

8.6CVSS7.6AI score0.00643EPSS
Exploits0References2
Hacker One
Hacker One
added 2021/06/26 2:47 a.m.7 views

Khan Academy: Client Side string length check

A client-side string length check vulnerability allowed an attacker to save excessively long strings in the "Class Settings" page on khanacademy.org, potentially causing various issues such as content manipulation, page template breaking, and crashing for low-memory visitors...

7AI score
Exploits0
OSV
OSV
added 2021/04/06 5:15 a.m.4 views

CVE-2021-28194

The specific function in ASUS BMC’s firmware Web management page Remote image configuration setting does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate th...

4.9CVSS5.9AI score0.0181EPSS
Exploits0References3
Prion
Prion
added 2021/04/06 5:15 a.m.17 views

Buffer overflow

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service...

4CVSS5.3AI score0.0186EPSS
Exploits0References3Affected Software3
Cvelist
Cvelist
added 2021/04/06 5:2 a.m.13 views

CVE-2021-28201 ASUS BMC's firmware: buffer overflow - Service configuration-1 function

The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service...

4.9CVSS5.6AI score0.0181EPSS
Exploits0References3
CVE
CVE
added 2021/04/06 5:2 a.m.65 views

CVE-2021-28187

The CVE-2021-28187 entry concerns ASUS BMC firmware’s Web management page, specifically the Generate new SSL certificate function. The root cause is failure to validate the length of user-entered strings, leading to a Buffer Overflow. Reported impact states that a remote attacker could use this l...

4.9CVSS5.2AI score0.01154EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.5 views

ASUS BMC Firmware 安全特征问题漏洞

ASUS BMC Firmware is a firmware from Asus China. A security signature issue vulnerability exists in the ASUS BMC firmware Web management page, which originates from a buffer overflow vulnerability due to the Firmware update function not validating the length of a user-entered string. A remote...

4.9CVSS6AI score0.0181EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.4 views

ASUS BMC Firmware 安全特征问题漏洞

ASUS BMC Firmware is a firmware from Asus China. A security signature issue vulnerability exists in the ASUS BMC firmware Web management page, which originates from a buffer overflow vulnerability due to a specific function not validating the length of a user-entered string. A remote attacker cou...

4.9CVSS6AI score0.01154EPSS
Exploits0References3
Rows per page
Query Builder