CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

130 matches found

Positive Technologies•added 2024/02/01 12:0 a.m.•9 views

PT-2024-19617

Name of the Vulnerable Software and Affected Versions eyoucms version 1.6.5 Description A Cross Site Scripting XSS issue exists in the func parameter, allowing a remote attacker to execute arbitrary code via a crafted URL. Recommendations For eyoucms version 1.6.5, consider restricting access to...

6.1CVSS6.8AI score0.17866EPSS

Exploits1References5

Positive Technologies•added 2023/12/01 12:0 a.m.•1 views

PT-2023-35622 · Git +1 · Php

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free READ 4 crash type. The crash state involves several functions: zend reference destroy, rc dtor func, and ze...

6.9AI score

Exploits0References2

BDU FSTEC•added 2023/11/14 12:0 a.m.•1 views

The vulnerability of the URI_FUNC() function in the UriParse.c component of the UriParser parser allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the URIFUNC function in the UriParse.c component of the UriParser parser is related to reading data beyond the allowable buffer size limits. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service...

10CVSS7.1AI score0.00513EPSS

Exploits0References6Affected Software3

Veracode•added 2023/10/04 12:48 p.m.•19 views

Regular Expression Denial Of Service (ReDoS)

get-func-name is vulnerable to Regular Expression Denial Of Service. The vulnerability is due to the getFuncName function in index.js not properly checking the functionSource size and length. which allows an attacker to trigger a DOS attack by using an input like '\t'.repeat54773 + '\t/function/i...

8.6CVSS7AI score0.01353EPSS

Exploits1References3Affected Software2

RedhatCVE•added 2023/09/28 11:54 a.m.•49 views

CVE-2023-43646

A vulnerability was found in the get-func-name package in the chai module. Affected versions of this package are vulnerable to Regular expression denial of service ReDoS attacks, affecting system availability...

7.5CVSS6.8AI score0.01353EPSS

Exploits1References5

Github Security Blog•added 2023/09/27 8:16 p.m.•56 views

Chaijs/get-func-name vulnerable to ReDoS

The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows: js const functionNameMatch = /\sfunction?:\s|\s/^?:/+\/\s^\s/+/; This vulnerability can be exploited...

8.6CVSS6.9AI score0.01353EPSS

Exploits1References5Affected Software1

OSV•added 2023/09/27 3:19 p.m.•0 views

UBUNTU-CVE-2023-43646

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

8.6CVSS6.7AI score0.01353EPSS

Exploits1References4

UbuntuCve•added 2023/09/27 12:0 a.m.•22 views

CVE-2023-43646

8.6CVSS6.6AI score0.01353EPSS

Exploits1References3

CNNVD•added 2023/09/27 12:0 a.m.•3 views

get-func-name Security Vulnerability

get-func-name is a Chaijs open source module for securely and consistently retrieving function names in NodeJS and browsers. A security vulnerability exists in get-func-name versions prior to 2.0.1, which stems from a regular expression denial-of-service redos vulnerability in the system that cou...

8.6CVSS6.6AI score0.01353EPSS

Exploits1References5

Vulnrichment•added 2023/09/26 6:19 p.m.•13 views

CVE-2023-43646 Inefficient Regular Expression Complexity in get-func-name

8.6CVSS6.6AI score0.01353EPSS

Exploits1References2

CVE•added 2023/09/26 6:19 p.m.•288 views

CVE-2023-43646

CVE-2023-43646 affects the get-func-name module (NodeJS and browser) where versions before 2.0.1 are vulnerable to a Regular Expression Denial of Service (ReDoS) caused by imbalance in parentheses that triggers catastrophic backtracking and high CPU usage on malicious input (e.g., a tab-heavy str...

8.6CVSS7.7AI score0.01353EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2023/09/26 12:0 a.m.•3 views

PT-2023-28897 · Unknown +1 · Get-Func-Name +1

Name of the Vulnerable Software and Affected Versions: get-func-name versions prior to 2.0.1 Description: The issue is related to a regular expression denial of service redos vulnerability in the get-func-name module, which can lead to a denial of service when parsing malicious input. This...

8.6CVSS6AI score0.01353EPSS

Exploits1References17

OSV•added 2023/03/24 8:15 p.m.•19 views

CVE-2021-43315

A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func getle32. The problem is essentially caused in PackLinuxElf32::elflookup at plxelf.cpp:5349...

7.5CVSS7.8AI score

Exploits0References1

Prion•added 2023/03/24 8:15 p.m.•20 views

Heap overflow

A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func getle32. The problem is essentially caused in PackLinuxElf32::elflookup at plxelf.cpp:5382...

5CVSS7.7AI score0.00323EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/03/24 12:0 a.m.•17 views

CVE-2021-43317

7.7AI score0.00323EPSS

Exploits1References1

Veracode•added 2022/11/23 10:47 a.m.•23 views

Information Disclosure

github.com/knative/func is vulnerable to information disclosure. The vulnerability is due to compromised third-party buildpacks which expose their registry credentials or local docker socket to a malicious lifecycle container, which allows remote attackers to access unauthorized information. This...

7.4CVSS6.7AI score0.00358EPSS

Exploits1References6Affected Software1

Snyk•added 2022/11/20 9:8 a.m.•0 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. This is vulnerable when an input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

7.5CVSS7.1AI score0.00255EPSS

Exploits1References2

NVD•added 2022/11/19 1:15 a.m.•12 views

CVE-2022-41939

knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious lifecycle container. This issues has bee...

7.4CVSS0.00358EPSS

Exploits1References4

Prion•added 2022/11/19 1:15 a.m.•17 views

Code injection

4.3CVSS7.3AI score0.00358EPSS

Exploits1References4Affected Software1

CVE•added 2022/11/19 12:0 a.m.•59 views

CVE-2022-41939

CVE-2022-41939 affects knative.dev/func (client library/CLI for Knative functions). The root issue is credential exposure when using third-party function buildpacks, where a compromised buildpack could expose registry credentials or the local Docker socket to a malicious lifecycle container. The ...

7.4CVSS6.7AI score0.00358EPSS

Exploits1References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by