Lucene search
+L

20 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:26 p.m.6 views

CVE-2020-27863

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 80...

6.5CVSS5.9AI score0.00989EPSS
Exploits0
Cvelist
Cvelist
added 2025/03/17 3:5 p.m.14 views

CVE-2025-1774 Logs manipulation in BotSense

Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field.This issu...

6.3CVSS0.00459EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/17 3:5 p.m.14 views

CVE-2025-1774 Logs manipulation in BotSense

Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field.This issu...

6.3CVSS6.9AI score0.00459EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 2:59 p.m.15 views

CVE-2020-27865

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on T...

8.8CVSS7.5AI score0.02549EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/12/02 5:51 p.m.6 views

CVE-2024-53861

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstanceissuer, list to isinstanceissuer, Sequence. Since st...

2.2CVSS6.6AI score0.0081EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2024/11/29 6:43 p.m.16 views

CVE-2024-53861

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstanceissuer, list to isinstanceissuer, Sequence. Since st...

7.5CVSS4.6AI score0.0081EPSS
Exploits1
CVE
CVE
added 2024/04/10 5:6 p.m.92 views

CVE-2024-3386

CVE-2024-3386 : In Palo Alto Networks PAN-OS, an incorrect string comparison prevents Predefined Decryption Exclusions from functioning as intended, causing traffic destined for domains not listed in the exclusions to be unintentionally excluded from decryption. The vulnerability affects PAN-OS s...

5.3CVSS6.7AI score0.00436EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.6 views

SUSE CVE-2012-6538

The copytouserauth function in net/xfrm/xfrmuser.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAPNETADMIN capability...

1.9CVSS6AI score0.00345EPSS
Exploits0References4
Prion
Prion
added 2021/03/10 4:15 p.m.21 views

Integer overflow

Due to incorrect string size calculations inside the pregquote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 an...

7.5CVSS9.5AI score0.01659EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/02/11 11:35 p.m.59 views

CVE-2020-27863

CVE-2020-27863 affects D-Link DVA-2800 and DSL-2888A routers. The flaw is in the dhttpd service (listening on TCP port 8008 by default) where incorrect string-matching logic when accessing protected pages allows network-adjacent attackers to disclose stored credentials without authentication. The...

6.5CVSS6.2AI score0.00989EPSS
Exploits0References2Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2020/09/15 12:0 a.m.54 views

NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the minihttpd...

6.5CVSS2AI score0.00697EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/23 8:45 p.m.32 views

CVE-2020-15633

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP...

8.8CVSS9AI score0.02768EPSS
Exploits0References2
NVD
NVD
added 2019/08/15 5:15 p.m.25 views

CVE-2019-12854

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it...

7.5CVSS8.3AI score0.11708EPSS
Exploits0References9
OSV
OSV
added 2019/08/15 5:15 p.m.30 views

CVE-2019-12854

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it...

7.5CVSS9.3AI score
Exploits0References9
UbuntuCve
UbuntuCve
added 2019/08/15 5:15 p.m.28 views

CVE-2019-12854

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it...

7.5CVSS6.6AI score0.11708EPSS
Exploits0References3
CVE
CVE
added 2019/08/15 4:15 p.m.251 views

CVE-2019-12854

CVE-2019-12854 affects Squid up to 4.7, where incorrect string termination in cachemgr.cgi can cause access to unallocated memory and DoS for clients. Public advisories document this as a Denial of Service vector and list Squid 4.0–4.7 as affected; remediation seen in later vendor advisories/upda...

7.5CVSS8.1AI score0.11708EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2019/08/15 4:15 p.m.44 views

CVE-2019-12854

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it...

7.5CVSS5.5AI score0.11708EPSS
Exploits0
Cvelist
Cvelist
added 2019/07/02 8:49 p.m.25 views

CVE-2017-11580

Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the "Blip" open wireless connection provided by the device, if a large string is sent as a part of the HTTP request in any part of the HTTP headers, the device coul...

6.8AI score0.01431EPSS
Exploits1References3
OSV
OSV
added 2016/05/11 12:38 p.m.17 views

SUSE-SU-2016:1277-1 Security update for php5

This update for php5 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mbstrcut bsc977003 - CVE-2015-8867: The PHP function...

9.8CVSS8.6AI score0.19455EPSS
Exploits5References11
Prion
Prion
added 2013/07/10 7:55 p.m.30 views

Design/Logic Flaw

The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service crash via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue...

4.3CVSS6.8AI score0.01213EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder