Lucene search
K

40 matches found

Snyk
Snyk
added 2025/08/21 1:32 p.m.41 views

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion via cmForEachFunctionBlocker::ReplayItems function of the file cmForEachCommand.cxx. An attacker can cause a program crash by providing CMakeLists.txt files containing malformed foreach constructs that triggers a...

4.8CVSS4.2AI score0.00135EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:41 a.m.5 views

CVE-2017-15364

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service double free and application crash or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0...

5.5CVSS5.9AI score0.01366EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/01/31 12:0 a.m.23 views

The vulnerability of the mgmt_mesh_foreach() function in the net/bluetooth/mgmt_util.c module of operating systems running on Linux allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information, or cause service failures.

The vulnerability of the mgmtmeshforeach function in the net/bluetooth/mgmtutil.c module of Linux operating systems is related to iterating over an inappropriate list called mgmtpending, which contains elements of type struct mgmtpendingCmd instead of struct mgmtmeshtx. Exploiting this...

8.2CVSS5.5AI score
Exploits0References2Affected Software1
Snyk
Snyk
added 2024/11/08 9:43 p.m.2 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free through the ForEachModule process. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Gist - GitHub Issue - GitHub PR Credit: Ziyi Guo...

8.6CVSS6.9AI score0.00221EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/01/19 12:0 a.m.4 views

PT-2024-19487 · Swftools · Swftools

Name of the Vulnerable Software and Affected Versions: swftools version 0.9.2 Description: The issue is related to a Stack Buffer Underflow in the dict foreach keyvalue function located at swftools/lib/q.c. This can potentially lead to a denial of service. Recommendations: For swftools version...

7.8CVSS7.3AI score0.00285EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/05/12 12:0 a.m.9 views

PT-2023-19924 · Workerd · Workerd

Name of the Vulnerable Software and Affected Versions: workerd versions prior to v1.20230419.0 Description: The FormData API implementation in workerd was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach method could end up reading from the wro...

8.1CVSS7.9AI score0.00617EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/08/19 3:55 a.m.4 views

Malicious code in lodashfroeach (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 281c7ec11329fae7f591474152da76436f0d91f9246ee789feb6c8f7e4fcdbec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/17 12:29 a.m.21 views

ccsv Double Free vulnerability

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service double free and application crash or possibly have unspecified other impact via a crafted file...

5.5CVSS6.3AI score0.01366EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/03/08 12:0 a.m.38 views

Fedora 29 : php-Smarty (2019-e595e8a7d7)

===== 3.1.33 release ===== 12.09.2018 ===== 3.1.33-dev-12 ===== 03.09.2018 - bugfix foreach using new style property access like $item@property on Smarty 2 style named foreach loop could produce errors https://github.com/smarty-php/smarty/issues/484 Note that Tenable Network Security has extracte...

9.8CVSS6.8AI score0.03463EPSS
Exploits2References16
CNVD
CNVD
added 2017/10/16 12:0 a.m.2 views

Ccsv Denial of Service Vulnerability

Ccsv is a CSV parser for Ruby. A security vulnerability exists in the 'foreach' function of the ext/ccsv.c file in Ccsv version 1.1.0. A remote attacker can exploit this vulnerability with the help of a specially crafted file to cause a denial of service double release and application crash...

5.5CVSS5.4AI score0.01366EPSS
Exploits0References1
Prion
Prion
added 2017/10/15 7:29 p.m.15 views

Double free

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service double free and application crash or possibly have unspecified other impact via a crafted file...

4.3CVSS6.2AI score0.01366EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2017/10/15 12:0 a.m.6 views

PT-2017-14024 · Ccsv · Ccsv

Name of the Vulnerable Software and Affected Versions: Ccsv version 1.1.0 Description: The issue allows remote attackers to cause a denial of service, resulting in a double free and application crash, or possibly have other unspecified impacts via a crafted file. This is related to the foreach...

5.5CVSS7.8AI score0.01366EPSS
Exploits0References9
seebug.org
seebug.org
added 2014/01/22 12:0 a.m.18 views

Joomla Zap Weather FPD & Zap Calendar跨站脚本漏洞

No description provided by source. Title - Joomla Zap Weather FPD & Zap Calendar XSS Date: 01.21.2014 Vendor: zcontent.net extensions.joomla.org/extensions/owner/cogliano Versions - Z Weather v9 & Zap Calendar v4.0 Latests ATM Contant: smashatdevilteam.pl Zap Weather PoC -...

7.1AI score
Exploits0
myhack58
myhack58
added 2013/10/13 12:0 a.m.61 views

DEDECMS website management system template execution vulnerability-vulnerability warning-the black bar safety net

DEDECMS website management system template execution vulnerability One not careful, your server will be hacked, such as database password is too simple, the server password is too simple, or CMS system vulnerabilities. The following is a DEDE of the template execution vulnerability. Vulnerability...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2008/11/04 12:0 a.m.16 views

Discuz!4.x wap\index.php 变量覆盖漏洞

Discuz!4.x一直存在着一个变量覆盖漏洞n年了.代码如下: $chs = ''; if$POST && $charset != 'utf-8' $chs = new Chinese'UTF-8', $charset; foreach$POST as $key = $value $$key = $chs-Convert$value; //foreach处理$POST导致变量覆盖 unset$chs;...

7.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2006/04/14 10:2 a.m.30 views

CVE-2006-1726

Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the jsValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method...

9.3CVSS6.3AI score0.06711EPSS
Exploits0References1
Prion
Prion
added 2006/04/14 10:2 a.m.28 views

Design/Logic Flaw

Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the jsValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method...

9.3CVSS7.6AI score0.06711EPSS
Exploits0References20Affected Software3
Cvelist
Cvelist
added 2006/04/14 10:0 a.m.31 views

CVE-2006-1726

Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the jsValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method...

7.2AI score0.06711EPSS
Exploits0References20
Debian CVE
Debian CVE
added 2006/04/14 10:0 a.m.24 views

CVE-2006-1726

Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the jsValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method...

9.3CVSS7.5AI score0.06711EPSS
Exploits0
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.34 views

Security check of js_ValueToFunctionObject() can be circumvented — Mozilla

The security check in jsValueToFunctionObject can be bypassed by clever use of setTimeout and the new Firefox 1.5 array method ForEach. shutdown demonstrated how to leverage this into a privilege escalation vulnerability that would allow the installation of malware...

9.3CVSS2.5AI score0.06711EPSS
Exploits0References1Affected Software3
Rows per page
Query Builder