45 matches found
CVE-2025-2921
Netis WF-2404 (version 1.1.124EN) is affected by CVE-2025-2921, involving an unknown function in the /etc/passwd file. Reports indicate that manipulating input labeled as Realtek can cause the device to rely on a default password, enabling an attack on the physical device. The CVE’s access vector...
CVE-2025-0695
CVE-2025-0695 affects Cesanta Frozen library prior to version 1.7. The vulnerability is an unbounded Allocation of Resources Without Limits or Throttling, allowing an attacker to crash the component embedding the library by supplying malicious JSON input. Affected scope is Cesanta Frozen versions
JetBrains TeamCity Content-Type Header Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...
PT-2024-15991
Name of the Vulnerable Software and Affected Versions PAM affected versions not specified Description A vulnerability was found in PAM, where secret information is stored in memory. An attacker can trigger the victim program to execute by sending characters to its standard input stdin, allowing...
CVE-2024-38875
CVE-2024-38875 affects Django 4.2 before 4.2.14 and 5.0 before 5.0.7, where the urlize and urlizetrunc functions can be triggered into a denial-of-service condition by inputs containing a very large number of brackets. The connected sources (e.g., Astra Linux, Gentoo GLSA, Fedora advisories, and ...
CVE-2024-36745
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service DoS via inputting a negative value into the oneflow.indexselect parameter...
CVE-2024-24847
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS.This issue affects CalculatorPro Calculators: from n/a through 1.1.7...
CVE-2023-43646
get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...
SUSE CVE-2017-11449
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an image received from stdin...
CVE-2023-22799
A ReDoS based DoS vulnerability in the GlobalID 1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediate...
perfSONAR 跨站请求伪造漏洞
perfSONAR is a widely deployed test and measurement infrastructure used by scientific networks and facilities around the world to monitor and ensure network performance. A security vulnerability exists in perfSONAR versions v4.x through v4.4.5 that stems from the inclusion of cross-site request...
GHSA-4R6J-FWCX-94CF snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)
An exponential ReDoS Regular Expression Denial of Service can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the getfiletransfertype method...
PT-2022-11819 · Npm · Semver-Regex
Name of the Vulnerable Software and Affected Versions: semver-regex affected versions not specified Description: An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package when an attacker supplies arbitrary input to the test method. Recommendations...
CVE-2021-44498
An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, attackers can cause a type to be incorrectly initialized in the function fincr in srport/fincr.c and cause a crash due to a NULL pointer dereference...
ALPINE-CVE-2020-27823
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
D-Link DIR-816 A2 缓冲区错误漏洞
The D-Link DIR-816 is a wireless AC750 dual-band router. A stack buffer overflow vulnerability exists in the handler function of /goform/addassignment in the D-Link DIR-816 A2 version 1.10 B05. An attacker can exploit the vulnerability by entering long text in the sip and smac fields to cause the...
CVE-2021-22306
There is an out-of-bound read vulnerability in Mate 30 10.0.0.182C00E180R6P2. A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service...
Regular Expression Denial of Service (ReDoS)
Overview url-regex is a package with regular expression for matching URLs Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. An attacker providing a very long string in String.test can cause a Denial of Service. PoC by Nick Baugh For url-regex package:...
Cisco NX-OS Software and Cisco FXOS Software Command Injection Vulnerabilities
Cisco Firepower 4100 Series and others are products of Cisco Corporation.Cisco Firepower 4100 Series is a 4100 series firewall appliance.Cisco FXOS Software is a set of firewall software running in Cisco security appliances.Cisco Nexus 3000 Series Switches is a 3000 series switch.Cisco MDS 9000...
CVE-2019-6528
PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway XS-MU Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway VM Versions...