PT-2023-35717 · Git +1 · Libxml2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Global-buffer-overflow READ 1. It involves the htmlParseChunk function in the html.c file. No...

K51390683: PHP vulnerabilities CVE-2016-5094 and CVE-2016-5095

Security Advisory Description CVE-2016-5094 Integer overflow in the phphtmlentities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from...

SUSE CVE-2011-1027

Off-by-one error in the convertqueryhexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service infinite loop via a string composed of a % percent character followed by invalid hex characters, as demonstrated by a %gg sequence...

Advisory ROSA-SA-2021-1858

Software: keepalived 1.3.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-19115 CVE-Crit: CRITICAL CVE-DESC: keepalived before 2.0.7 has a heap-based buffer overflow when analyzing HTTP status codes leading to DoS or possibly unspecified other impacts, because extractstatuscode in lib / html.c does not check th...

NewStart CGSL CORE 5.04 / MAIN 5.04 : keepalived Vulnerability (NS-SA-2019-0051)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has keepalived packages installed that are affected by a vulnerability: - Heap-based buffer overflow vulnerability in extractstatuscode function in lib/html.c that parses HTTP status code returned from web server allows malicio...

EulerOS 2.0 SP8 : keepalived (EulerOS-SA-2019-1770)

According to the versions of the keepalived package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow vulnerability in extractstatuscode function in lib/html.c that parses HTTP status code returned from web server...

EulerOS 2.0 SP2 : keepalived (EulerOS-SA-2019-1739)

According to the version of the keepalived package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Heap-based buffer overflow vulnerability in extractstatuscode function in lib/html.c that parses HTTP status code returned from web server allow...

EulerOS 2.0 SP5 : keepalived (EulerOS-SA-2019-1680)

According to the version of the keepalived package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Heap-based buffer overflow vulnerability in extractstatuscode function in lib/html.c that parses HTTP status code returned from web server allow...

redcarpet Gem for Ruby html.c header_anchor() Function Stack Overflow

redcarpet Gem for Ruby contains a flaw that allows a stack overflow. This flaw exists because the headeranchor function in html.c uses variable length arrays VLA without any range checking. This may allow a remote attacker to execute arbitrary code...

CVE-2011-1027

Off-by-one error in the convertqueryhexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service infinite loop via a string composed of a % percent character followed by invalid hex characters, as demonstrated by a %gg sequence...

PT-2011-2819 · Cgit · Cgit

Name of the Vulnerable Software and Affected Versions: cgit versions prior to 0.8.3.5 Description: The issue is caused by an off-by-one error in the convert query hexchar function in html.c in cgit.cgi. This allows remote attackers to cause a denial of service infinite loop via a string composed ...

CVE-2004-2571

Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the 1 parseQmailFromBytesLine, 2 parseQmailToRemoteLine, 3 parseQmailToLocalLine, 4 parseSendmailFromBytesLine, 5 parseSendmailToLine, 6 parseEximFromBytesLine, and 7 parseEximToLine function...

CVE-2004-2571

Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the 1 parseQmailFromBytesLine, 2 parseQmailToRemoteLine, 3 parseQmailToLocalLine, 4 parseSendmailFromBytesLine, 5 parseSendmailToLine, 6 parseEximFromBytesLine, and 7 parseEximToLine function...

DEBIAN-CVE-2004-2571

Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the 1 parseQmailFromBytesLine, 2 parseQmailToRemoteLine, 3 parseQmailToLocalLine, 4 parseSendmailFromBytesLine, 5 parseSendmailToLine, 6 parseEximFromBytesLine, and 7 parseEximToLine function...

CVE-2004-1299

CVE-2004-1299 is a vulnerability in Vilistextum 2.6.6 where the get_attr function (html.c) contains a buffer overflow. This can allow a remote attacker to execute arbitrary code via a crafted webpage. The Gentoo GLSA advisory (GLSA-200501-10) attributes the issue to unsafe reads into an array and...