
1390 matches found

Veracode
added 2023/03/21 1:19 a.m. · 22 views

Denial Of Service (DoS)

kaml is vulnerable to Denial Of Service (DoS). The vulnerability exists because the library by default parses anchors and alias tags, which allows an attacker to cause a billion laugh style attack by providing a malicious input, leading to an application crash...

CVSS 7.5 · AI score 7.1 · EPSS 0.00974
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/02/22 9:15 p.m. · 1 views

CVE-2022-29273

pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters...

CVSS 6.1 · AI score 5.8 · EPSS 0.59562
Exploits 0 · References 3

NVD
added 2023/02/22 9:15 p.m. · 19 views

CVE-2022-29273

pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters...

CVSS 6.1 · AI score 6.1 · EPSS 0.59562
Exploits 0 · References 3

Prion
added 2023/02/22 9:15 p.m. · 17 views

Design/Logic Flaw

pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters...

CVSS 5.8 · AI score 6 · EPSS 0.59562
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2023/02/22 12:0 a.m. · 24 views

CVE-2022-29273

pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters...

AI score 6.2 · EPSS 0.59562
Exploits 0 · References 3

Positive Technologies
added 2023/02/22 12:0 a.m. · 3 views

PT-2023-12967 · Unknown · Pfsense Ce +1

Name of the Vulnerable Software and Affected Versions: pfSense CE versions 2.6.0 and earlier; pfSense Plus versions prior to 22.05. Description: The issue allows for XSS in the WebGUI via URL Table Alias URL parameters. This means an attacker could potentially inject malicious scripts into the web...

CVSS 6.1 · AI score 6 · EPSS 0.59562
Exploits 0 · References 6

CVE
added 2023/02/22 12:0 a.m. · 40 views

CVE-2022-29273

CVE-2022-29273 affects pfSense CE up to version 2.6.0 and pfSense Plus up to 22.04/22.05; it enables cross-site scripting in the WebGUI via URL Table Alias URL parameters. The available connected docs confirm the flaw and affected versions; there are no explicit exploit details. Remediation prese...

CVSS 6.1 · AI score 6 · EPSS 0.59562
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2023/02/22 12:0 a.m. · 6 views

CVE-2022-29273

pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters...

AI score 6.1 · EPSS 0.59562
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:21 a.m. · 1 views

SUSE CVE-2004-0083

Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106...

CVSS 10 · AI score 8.1 · EPSS 0.21175
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 6:21 a.m. · 2 views

SUSE CVE-2004-0084

Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and...

CVSS 10 · AI score 8 · EPSS 0.24863
Exploits 1 · References 6

SUSE CVE
added 2023/02/15 6:14 a.m. · 2 views

SUSE CVE-2006-3694

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations"...

CVSS 6.4 · AI score 7.8 · EPSS 0.05739
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:12 a.m. · 2 views

SUSE CVE-2007-2683

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion...

CVSS 3.5 · AI score 7.9 · EPSS 0.00806
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:10 a.m. · 4 views

SUSE CVE-2007-5424

The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled...

CVSS 7.5 · AI score 7 · EPSS 0.01689
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:32 a.m. · 4 views

SUSE CVE-2014-0209

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffe...

CVSS 4.6 · AI score 7.2 · EPSS 0.00444
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 5:29 a.m. · 2 views

SUSE CVE-2014-2655

SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias...

CVSS 6.5 · AI score 8.5 · EPSS 0.01832
Exploits 2 · References 3

SUSE CVE
added 2023/02/15 4:54 a.m. · 1 views

SUSE CVE-2016-10160

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch...

CVSS 9.8 · AI score 9 · EPSS 0.07322
Exploits 0 · References 8

SUSE CVE
added 2023/02/15 4:42 a.m. · 2 views

SUSE CVE-2017-11553

There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service...

CVSS 3.3 · AI score 6.9 · EPSS 0.01738
Exploits 1 · References 8

SUSE CVE
added 2023/02/15 4:28 a.m. · 5 views

SUSE CVE-2018-10054

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...

CVSS 8.8 · AI score 9.1 · EPSS 0.34986
Exploits 2 · References 3

SUSE CVE
added 2023/02/15 4:22 a.m. · 3 views

SUSE CVE-2018-19052

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target...

CVSS 5.9 · AI score 7 · EPSS 0.1408
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 4:14 a.m. · 2 views

SUSE CVE-2019-9855

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...

CVSS 9.8 · AI score 7.4 · EPSS 0.02646
Exploits 0 · References 8