Lucene search
K

71 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/02 5:42 p.m.5 views

CVE-2026-34593

Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...

8.2CVSS5.8AI score0.00423EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.9 views

Ash Framework 资源管理错误漏洞

Ash Framework is an open-source framework used for building Elixir applications. Versions of Ash Framework prior to 3.22.0 contained a resource management vulnerability. This vulnerability stems from Ash.Type.Module.castinput/2, which “Elixir.”, thereby creating new Erlang atoms. This could lead ...

8.2CVSS5.8AI score0.00423EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/01 12:14 a.m.16 views

Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

Summary Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the referenced module exists. Because Erlang atoms are never garbage-collected and the BEAM atom table has ...

8.2CVSS6AI score0.00423EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.10 views

PT-2026-29495

Summary Ash.Type.Module.cast input/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the referenced module exists. Because Erlang atoms are never garbage-collected and the BEAM atom table has...

8.2CVSS6AI score0.00423EPSS
Exploits1References7
OSV
OSV
added 2026/03/01 1:25 a.m.2 views

GHSA-HX9W-F2W9-9G96 hex_core has Unsafe Deserialization of Erlang Terms

Impact The Hex client hexcore deserializes Erlang terms received from the Hex API using binarytoterm/1 without sufficient restrictions. If an attacker can control the HTTP response body returned by the Hex API, this allows denial-of-service attacks such as atom table exhaustion, leading to a VM...

2CVSS6.2AI score0.00576EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/03/01 1:25 a.m.5 views

hex_core has Unsafe Deserialization of Erlang Terms

Impact The Hex client hexcore deserializes Erlang terms received from the Hex API using binarytoterm/1 without sufficient restrictions. If an attacker can control the HTTP response body returned by the Hex API, this allows denial-of-service attacks such as atom table exhaustion, leading to a VM...

7.5CVSS6.2AI score0.00576EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1629

Malicious code in bioql PyPI...

6.5CVSS5.7AI score0.01082EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 10:35 a.m.7 views

CVE-2019-16764

The use of String.toatom/1 in PowAssent is susceptible to denial of service attacks. In PowAssent.Phoenix.AuthorizationController a value is fetched from the user provided params, and String.toatom/1 is used to convert the binary value to an atom so it can be used to fetch the provider...

6.5CVSS6.6AI score0.01082EPSS
Exploits0References1
Prion
Prion
added 2019/11/25 5:15 p.m.13 views

Code injection

The use of String.toatom/1 in PowAssent is susceptible to denial of service attacks. In PowAssent.Phoenix.AuthorizationController a value is fetched from the user provided params, and String.toatom/1 is used to convert the binary value to an atom so it can be used to fetch the provider...

2.1CVSS5.3AI score0.01082EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2011/09/29 12:55 a.m.2 views

CVE-2011-3002

Almost Native Graphics Layer Engine ANGLE, as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via vecto...

9.3CVSS9.4AI score0.03346EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2009/06/25 3:7 p.m.6 views

Firefox browser engine crashes

The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to 1...

9.3CVSS6.2AI score0.09282EPSS
Exploits1References4
Rows per page
Query Builder