CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в ntfs-3g

A properly crafted NTFS image can lead to a out-of-bounds read, caused by an invalid attribute in ntfsattrfindinattrdef, in NTFS-3G 2021.8.22...

7.8CVSS6.8AI score0.00091EPSS

Exploits0References2

OSV•added 2025/12/08 12:46 a.m.•3 views

CVE-2025-40326 NFSD: Define actions for the new time_deleg FATTR4 attributes

In the Linux kernel, the following vulnerability has been resolved: NFSD: Define actions for the new timedeleg FATTR4 attributes NFSv4 clients won't send legitimate GETATTR requests for these new attributes because they are intended to be used only with CBGETATTR and SETATTR. But NFSD has to do...

6.3AI score0.00026EPSS

Exploits0References5

OSV•added 2023/10/25 9:2 p.m.•2 views

GHSA-663W-2XP3-5739 org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability

Impact The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like commen...

9.6CVSS6.2AI score0.01458EPSS

Exploits1References6

CNNVD•added 2023/10/02 12:0 a.m.•2 views

Eclipse Mosquitto Security Vulnerability

Eclipse Mosquitto is a suite of open source message broker software from the Eclipse Foundation. A security vulnerability exists in Mosquitto versions prior to 2.0.16 that stems from a memory leak that occurs when a client sends a v5 CONNECT packet with a probate message containing an invalid...

7.5CVSS6.6AI score0.00065EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 6:16 a.m.•1 views

SUSE CVE-2006-0296

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...

5CVSS7.5AI score0.41202EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 4:31 a.m.•1 views

SUSE CVE-2018-5378

The Quagga BGP daemon bgpd prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash...

5.9CVSS6.9AI score0.09304EPSS

Exploits0References8

RedHat Linux•added 2022/05/10 1:24 p.m.•1 views

ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef() triggered by an invalid attribute

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS6.8AI score0.00091EPSS

Exploits0References5

Microsoft CVE•added 2021/12/16 8:0 a.m.•2 views

A crafted NTFS image can trigger an out-of-bounds read caused by an invalid attribute in ntfs_attr_find_in_attrdef in NTFS-3G < 2021.8.22.

...

7.8CVSS8.5AI score0.00091EPSS

Exploits0

OSV•added 2021/09/07 3:15 p.m.•1 views

DEBIAN-CVE-2021-39255