Lucene search
K

67 matches found

OSV
OSV
added 2023/03/22 8:15 p.m.3 views

UBUNTU-CVE-2023-28119

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

7.5CVSS7.3AI score0.00957EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.9 views

Crewjam Saml 安全漏洞

Crewjam Saml is a Go-based implementation of a codebase that interacts with Saml format files by the individual developers of Crewjam. A security vulnerability exists in Crewjam Saml versions prior to 0.4.13, which stems from not limiting the size of input to flate.NewReader...

7.5CVSS7.2AI score0.00957EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/03/22 12:0 a.m.6 views

PT-2023-21576 · Saml +1 · Saml +1

Name of the Vulnerable Software and Affected Versions: github.com/crewjam/saml versions prior to 0.4.13 Description: The issue arises from the package's use of flate.NewReader without limiting the size of the input. This allows a user to pass more than 1 MB of data in an HTTP request to the...

9.8CVSS7.4AI score0.84607EPSS
Exploits5References89
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.4 views

moment: inefficient parsing algorithm resulting in DoS

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...

7.5CVSS6.8AI score0.04923EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/01/28 12:0 a.m.3 views

Discourse 资源管理错误漏洞

Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A resource management error vulnerability exists in Discourse versions prior to 3.0.1 stable, 3.1.0.beta2 beta and test-passed, which stems from a large amount of data floodin...

4.3CVSS5.1AI score0.00678EPSS
Exploits0References5
OSV
OSV
added 2016/12/10 12:59 a.m.2 views

DEBIAN-CVE-2016-7421

The pvscsiringpopreqdescr function in hw/scsi/vmwpvscsi.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging failure to limit process IO loop to the ring size...

4.4CVSS8.5AI score0.00405EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2006/07/20 12:0 a.m.31 views

Microsoft Internet Explorer 6 - String To Binary Function Denial of Service

source: https://www.securityfocus.com/bid/19102/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to properly bounds-check user-supplied input. Remote attackers can exploit this issue to crash the application, causing a denial-of-service...

7.4AI score
Exploits0
Rows per page
Query Builder