453 matches found
SUSE CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of...
SUSE CVE-2015-8629
The xdrnullstring function in lib/kadm5/kadmrpcxdr.c in kadmind in MIT Kerberos 5 aka krb5 before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service...
SUSE CVE-2016-5826
The parsergetnextchar function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service out-of-bounds heap read by crafting a string to the icalparserparsestring function...
SUSE CVE-2016-7567
Buffer overflow in the SLPFoldWhiteSpace function in common/slpcompare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string...
SUSE CVE-2017-14033
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service interpreter crash via a crafted string...
SUSE CVE-2017-17484
The ucnvUTF8FromUTF8 function in ucnvu8.cpp in International Components for Unicode ICU for C/C++ through 60.1 mishandles ucnvconvertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly hav...
SUSE CVE-2018-1517
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681...
SUSE CVE-2018-18483
The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc called with the result of an integer-overflowing calculation or possibly have unspecified other impact via a crafted string, as demonstrated by...
SUSE CVE-2018-20657
The demangletemplate function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service memory consumption, as demonstrated by cxxfilt, a related issue to CVE-2018-12698...
SUSE CVE-2019-11389
An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE: the...
SUSE CVE-2019-11391
An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with $a at the beginning and nested repetition operators. NOTE: the softwa...
Regular Expression Denial Of Service (ReDoS)
ua-parser-js is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to an insecure Regex pattern used for the str attribute in the trim function of ua-parser.js, which allows an attacker to crash the application by providing a maliciously crafted string...
Regular Expression Denial Of Service (ReDoS)
activesupport is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to the insecure Regex pattern used in the underscore function of methods.rb, allowing an attacker to crash the application by providing a maliciously crafted string...
CVE-2021-36603
Cross Site Scripting XSS in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1"...
Denial Of Service (DoS)
org.codehaus.jettison:jettison is vulnerable to Denial Of Service DoS. A remote attacker is able to cause a stack overflow via injecting a crafted string through the map parameter, resulting in denial of service...
GHSA-GRR4-WV38-F68W Jettison Out-of-bounds Write vulnerability
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted string...
CVE-2022-45693
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted string...
CVE-2022-45693
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted string...
CVE-2022-43365
IP-COM EW9 V15.11.0.149732 was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted string...
Buffer overflow
IP-COM EW9 V15.11.0.149732 was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted string...