Lucene search
K

54 matches found

Cvelist
Cvelist
added 2010/07/27 10:0 p.m.27 views

CVE-2010-0211

The slapmodrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smrnormalize function, which allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a modrdn call with an RDN string containing...

9.6AI score0.29238EPSS
Exploits1References19
Cvelist
Cvelist
added 2010/07/27 10:0 p.m.34 views

CVE-2010-0212

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service crash via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smrnormalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schemainit.c, as...

9AI score0.06221EPSS
Exploits1References18
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2009/08/25 12:0 a.m.67 views

Stable Update: Security fixes

Google Chrome 2.0.172.43 has been released to the Stable channel to fix the security issues listed below. CVE-2009- 2935 Unauthorized memory read from Javascript A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing securi...

6.5CVSS7.2AI score0.03121EPSS
Exploits2Affected Software1
Prion
Prion
added 2009/08/11 6:30 p.m.13 views

Stack overflow

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service application crash via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...

4.3CVSS6.7AI score0.05324EPSS
Exploits1References15Affected Software1
NVD
NVD
added 2009/08/11 6:30 p.m.23 views

CVE-2009-2414

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...

4.3CVSS6.3AI score0.03121EPSS
Exploits2References36
OSV
OSV
added 2009/08/11 6:30 p.m.1 views

DEBIAN-CVE-2009-2416

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service application crash via crafted 1 Notation or 2 Enumeration attribute types in an XML file, as demonstrated by the...

6.5CVSS8.9AI score0.01793EPSS
Exploits2References1
OSV
OSV
added 2009/08/11 6:30 p.m.6 views

CVE-2009-2414

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...

4.3CVSS6.3AI score0.03121EPSS
Exploits2References36
UbuntuCve
UbuntuCve
added 2009/08/11 6:30 p.m.32 views

CVE-2009-1885

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service application crash via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...

4.3CVSS7.2AI score0.05324EPSS
Exploits1References1
Cvelist
Cvelist
added 2009/08/11 6:0 p.m.33 views

CVE-2009-1885

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service application crash via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...

6AI score0.05324EPSS
Exploits1References15
CVE
CVE
added 2009/08/11 6:0 p.m.141 views

CVE-2009-2416

CVE-2009-2416 is a use-after-free in libxml2 (versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, 2.6.32) and libxml 1.8.17 triggered by crafted Notation/Enumeration attribute types in a DTD; leads to denial of service (application crash). Related CVE-2009-2414 is a stack-growth DoS via deep DTD structures....

6.5CVSS6.7AI score0.01793EPSS
Exploits2References36Affected Software2
CVE
CVE
added 2009/08/11 6:0 p.m.143 views

CVE-2009-2414

CVE-2009-2414 and CVE-2009-2416 affect libxml2/libxml (legacy 2.5.10/2.6.x and libxml1 1.8.17). CVE-2009-2414 is a stack-growth/recursion issue in DTD processing (depth of element declarations) leading to DoS via application crash; CVE-2009-2416 involves use-after-free via crafted Notation or Enu...

4.3CVSS6.2AI score0.03121EPSS
Exploits2References36Affected Software2
UbuntuCve
UbuntuCve
added 2009/08/11 12:0 a.m.48 views

CVE-2009-2414

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...

4.3CVSS6.7AI score0.03121EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2009/08/11 12:0 a.m.29 views

CVE-2009-2416

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service application crash via crafted 1 Notation or 2 Enumeration attribute types in an XML file, as demonstrated by the...

6.5CVSS6.7AI score0.01793EPSS
Exploits2References2
Prion
Prion
added 2009/08/06 3:30 p.m.31 views

Input validation

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...

5CVSS6.6AI score0.3038EPSS
Exploits2References63Affected Software9
NVD
NVD
added 2009/08/06 3:30 p.m.38 views

CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...

5CVSS6.6AI score0.3038EPSS
Exploits2References63
OSV
OSV
added 2009/08/06 3:30 p.m.11 views

CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...

6.4AI score
Exploits0References79
Cvelist
Cvelist
added 2009/08/06 3:0 p.m.33 views

CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...

6.5AI score0.3038EPSS
Exploits2References63
CVE
CVE
added 2009/08/06 3:0 p.m.253 views

CVE-2009-2625

CVE-2009-2625 affects Apache Xerces2-Java (XML parser used by JRE/JDK) where parsing a malformed XML with systems DTD identifiers can cause DoS (hangs), via a vulnerability in SYSTEM handling in Xerces2 Java. Connected advisories confirm public fixes: Debian libxerces2-java updates (DSA-1984-1) a...

5CVSS6.1AI score0.3038EPSS
Exploits2References63Affected Software1
UbuntuCve
UbuntuCve
added 2009/08/06 12:0 a.m.55 views

CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...

5CVSS6.8AI score0.3038EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.30 views

Mandriva Linux Security Advisory : openssl (MDVSA-2008:107)

Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server name extension data in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server...

4.3CVSS7.2AI score0.05EPSS
Exploits1References2
Rows per page
Query Builder