Lucene search
K

72 matches found

OSV
OSV
added 2017/07/18 9:29 p.m.1 views

DEBIAN-CVE-2017-11406

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values...

7.5CVSS7.8AI score0.03024EPSS
Exploits0References1
GitLab Advisory Database
GitLab Advisory Database
added 2016/02/15 12:0 a.m.19 views

Nested attributes rejection proc bypass

When using the nested attributes feature in Active Record you can prevent the destruction of associated records by passing the allowdestroy: false option to the acceptsnestedattributesfor method. The allowdestroy flag prevents the :rejectif proc from being called because it assumes that the recor...

5.3CVSS5.7AI score0.0425EPSS
Exploits0References1Affected Software1
Vulnerability Lab
Vulnerability Lab
added 2016/02/02 12:0 a.m.33 views

Soso Transfer v1.1 iOS - Denial of Service Vulnerability

Document Title: =============== Soso Transfer v1.1 iOS - Denial of Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1703 Release Date: ============= 2016-02-02 Vulnerability Laboratory ID VL-ID: ====================================...

0.2AI score
Exploits0
CNVD
CNVD
added 2015/06/09 12:0 a.m.3 views

SysAid Help Desk Sensitive Information Disclosure Vulnerability

SysAid Help Desk is a suite of Web-based IT management software. The SysAid Help Desk sysaid/getAgentLogFile URI does not adequately filter the 'accountId' parameter, allowing remote attackers to submit invalid values to obtain sensitive information...

5CVSS6.8AI score0.57204EPSS
Exploits7References1
securityvulns
securityvulns
added 2014/11/03 12:0 a.m.52 views

"Aircrack-ng 1.2 Beta 3" multiple vulnerabilities

"Aircrack-ng 1.2 Beta 3" multiple vulnerabilities Description: -------------------------------- Four vulnerabilities exist on aircrack-ng = 1.2 Beta 3 which allow remote/local code execution, privilege escalation and denial of service. Specifically, the following vulnerabilities were identified: ...

5CVSS1.4AI score0.23925EPSS
Exploits3
Prion
Prion
added 2013/01/13 8:55 p.m.20 views

Stack overflow

Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies...

9.3CVSS8.3AI score0.07633EPSS
Exploits1References10Affected Software14
Xen Project
Xen Project
added 2012/12/03 5:51 p.m.71 views

Several memory hypercall operations allow invalid extent order values

ISSUE DESCRIPTION Allowing arbitrary extentorder input values for XENMEMdecreasereservation, XENMEMpopulatephysmap, and XENMEMexchange can cause arbitrarily long time being spent in loops without allowing vital other code to get a chance to execute. This may also cause inconsistent state resultin...

4.7CVSS3.2AI score0.00411EPSS
Exploits0Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2010/08/10 12:0 a.m.41 views

Microsoft Windows MPEG Layer-3 Audio Decoder Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the codec responsible for parsing layer ...

10CVSS6.2AI score0.23415EPSS
Exploits0References1
Cvelist
Cvelist
added 2007/07/26 9:0 p.m.21 views

CVE-2007-3106

lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid 1 blocksize0 and 2 blocksize1 values, which trigger a "heap overwrite" in the 01inverse function in res0.c. NOTE...

7.1AI score0.0314EPSS
Exploits0References27
Prion
Prion
added 2006/05/12 5:6 p.m.15 views

Sql injection

E-Business Designer eBD 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in 1 the id parameter to formgrupo.html, or requests to the 2 archivos/ and 3 files/ directories. NOTE: this issue might be resultant...

5CVSS8.4AI score0.01351EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2006/04/19 4:6 p.m.14 views

Design/Logic Flaw

xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the 1 action parameter to membersonly/index.cgi and 2 page parameter customerarea/index.cgi, probably due to invalid values...

5CVSS7.2AI score0.01377EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2002/12/31 5:0 a.m.26 views

CVE-2002-2272

Tomcat 4.0 through 4.1.12, using modjk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service desynchronized communications via an HTTP GET request with a Transfer-Encoding chunked field with invalid values...

7.8CVSS6.7AI score0.09681EPSS
Exploits1References3
Rows per page
Query Builder