8 matches found
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the idna.encode function when processing very large domain name inputs that exploit the valid_contexto function before length validation. This is triggered by arbitrarily large inputs th...
PT-2024-4058 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version V9.3.5u.6369 B20220309 Description: The issue is related to the NTPSyncWithHost function in the TOTOLINK LR350 router's firmware, which lacks input validation. This can be exploited by a remote attacker to execute...
Kofax Power PDF Security Vulnerability
Kofax Power PDF is a professional PDF editing and management software from Kofax. A security vulnerability exists in Kofax Power PDF that stems from a specific flaw in the parsing of PDF files that lacks proper validation of user-supplied data, allowing a remote attacker to execute arbitrary code...
CVE-2021-36982
AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request...
IBM Cloud Pak for Applications Cross-Site Scripting Vulnerability
IBM Cloud Pak for Applications is an application from IBM America, Inc. It provides a cloud-native development solution that delivers value quickly. A cross-site scripting vulnerability exists in IBM Cloud Pak for Applications, which stems from the product's lack of effective validation of...
GHSA-RGVQ-PCVF-HX75 Heap OOB and null pointer dereference in `RaggedTensorToTensor`
Impact: Due to lack of validation in tf.raw_ops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty: python import tensorflow as tf shape = tf.constant([-1, -1], shape=[2], dtype=tf.int64) values = tf.constant([], shape=[0], dtype=tf.int64) default_value =...
PT-2018-13677 · Kamailio +2 · Kamailio +2
Name of the Vulnerable Software and Affected Versions: Kamailio versions prior to 5.0.7 Kamailio versions 5.1.x prior to 5.1.4 Description: A crafted SIP message with an invalid Via header can cause a segmentation fault and crash Kamailio due to missing input validation in the crcitt string array...
CVE-2018-5273
In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. NOTE: the vendor reported that they "have not been able to reproduce the issu...