Lucene search
K

17 matches found

Github Security Blog
Github Security Blog
added 2022/05/14 2:16 a.m.29 views

Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment

The Double.parseDouble method in Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a...

5CVSS6.5AI score0.2349EPSS
Exploits1References60Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.24 views

Mageia: Security Advisory (MGASA-2014-0003)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS4.3AI score0.34968EPSS
Exploits3References6
Veracode
Veracode
added 2019/01/15 8:58 a.m.24 views

Denial Of Service (DoS)

php is vulnerable to denial of service DoS attacks. The vulnerability exists through an Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD...

6.8CVSS6.3AI score0.28167EPSS
Exploits43References56Affected Software7
NVD
NVD
added 2018/12/10 6:29 a.m.17 views

CVE-2018-20004

An issue has been found in Mini-XML aka mxml 2.12. It is a stack-based buffer overflow in mxmlwritenode in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml...

8.8CVSS8.8AI score0.02025EPSS
Exploits1References5
Prion
Prion
added 2018/12/10 6:29 a.m.20 views

Stack overflow

An issue has been found in Mini-XML aka mxml 2.12. It is a stack-based buffer overflow in mxmlwritenode in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml...

6.8CVSS8.7AI score0.02025EPSS
Exploits1References5Affected Software3
CVE
CVE
added 2018/12/10 6:0 a.m.64 views

CVE-2018-20004

CVE-2018-20004 affects Mini-XML (mxml) 2.12. It describes a stack-based buffer overflow in mxml_write_node (mxml-file.c) triggered via vectors involving a double-precision number and the substring . The issue is documented across multiple advisories (e.g., Mageia MGASA-2019-0159 and Fedora update...

8.8CVSS8.6AI score0.02025EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2018/12/10 6:0 a.m.27 views

CVE-2018-20004

An issue has been found in Mini-XML aka mxml 2.12. It is a stack-based buffer overflow in mxmlwritenode in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml...

8.8AI score0.02025EPSS
Exploits1References5
FreeBSD
FreeBSD
added 2015/12/19 12:0 a.m.45 views

mono -- DoS and code execution

NCC Group reports: An attacker who can cause a carefully-chosen string to be converted to a floating-point number can cause a crash and potentially induce arbitrary code execution...

6.8CVSS4.6AI score0.28167EPSS
Exploits43References1
OpenVAS
OpenVAS
added 2013/12/04 12:0 a.m.54 views

Debian Security Advisory DSA 2810-1 (ruby1.9.1 - heap overflow)

Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execu...

6.8CVSS0.6AI score0.34968EPSS
Exploits3References1
OpenVAS
OpenVAS
added 2013/12/03 12:0 a.m.32 views

Ubuntu Update for ruby1.8 USN-2035-1

Check for the Version of ruby1.8 OpenVAS Vulnerability Test $Id: gbubuntuUSN20351.nasl 8672 2018-02-05 16:39:18Z teissa $ Ubuntu Update for ruby1.8 USN-2035-1 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...

6.8CVSS5.6AI score0.34968EPSS
Exploits4References2
securityvulns
securityvulns
added 2013/12/01 12:0 a.m.96 views

[USN-2035-1] Ruby vulnerabilities

========================================================================== Ubuntu Security Notice USN-2035-1 November 27, 2013 ruby1.8, ruby1.9.1 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

6.8CVSS0.6AI score0.34968EPSS
Exploits4
Ubuntu
Ubuntu
added 2013/11/27 4:36 p.m.64 views

USN-2035-1: Ruby vulnerabilities

Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitra...

6.8CVSS7.5AI score0.34968EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2011/02/10 7:41 p.m.5 views

JDK Double.parseDouble Denial-Of-Service

The Double.parseDouble method in Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a...

5CVSS6.1AI score0.2349EPSS
Exploits1References4
securityvulns
securityvulns
added 2011/01/13 12:0 a.m.86 views

[USN-1042-1] PHP vulnerabilities

=========================================================== Ubuntu Security Notice USN-1042-1 January 11, 2011 php5 vulnerabilities CVE-2009-5016, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4156, CVE-2010-4409, CVE-2010-4645...

6.8CVSS0.4AI score0.18878EPSS
Exploits16
Tenable Nessus
Tenable Nessus
added 2009/12/11 12:0 a.m.25 views

Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : kdelibs vulnerabilities (USN-871-1)

A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service via application crash or possibly execute arbitrary code wi...

6.8CVSS7.6AI score0.28167EPSS
Exploits43References2
Saint
Saint
added 2009/09/16 12:0 a.m.35 views

Safari WebKit floating point number buffer overflow

Added: 09/16/2009 CVE: CVE-2009-2195 BID: 36023 OSVDB: 56988 Background Safari is a web browser for Mac OS X and Windows. Safari is built upon the WebKit browser engine. Problem A buffer overflow vulnerability in WebKit allows command execution when a user loads a page which contains a specially...

9.3CVSS9AI score0.13294EPSS
Exploits4
Prion
Prion
added 2009/07/01 1:0 p.m.36 views

Heap overflow

Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...

6.8CVSS8.5AI score0.28167EPSS
Exploits43References53Affected Software6
Rows per page
Query Builder