Lucene search
K

214 matches found

Positive Technologies
Positive Technologies
added 2021/07/13 12:0 a.m.4 views

PT-2021-7871 · Openjpeg2 +11 · Openjpeg2 +11

Name of the Vulnerable Software and Affected Versions: openjpeg2 version 2.4.0 Description: A flaw was found in the opj2 decompress program in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it...

10CVSS6.1AI score0.04932EPSS
Exploits10References147
OSV
OSV
added 2021/03/10 4:15 p.m.4 views

UBUNTU-CVE-2021-24025

Due to incorrect string size calculations inside the pregquote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 an...

9.8CVSS7.4AI score0.01659EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/03/10 12:0 a.m.8 views

Katy Voor HHVM 输入验证错误漏洞

Katy Voor HHVM is an open source application by Katy Voor. Provides an open source virtual machine designed to execute programs written in Hack. A security vulnerability exists in HHVM that stems from an incorrect string size calculation in the pregquote function, where a large input string passe...

9.8CVSS8.5AI score0.01659EPSS
Exploits0References3
Snyk
Snyk
added 2020/09/15 10:36 a.m.5 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow. An attacker could control the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. Remediation Upgrade brotli to version...

6.9CVSS6.9AI score0.03217EPSS
Exploits0References2
Prion
Prion
added 2020/06/22 7:15 a.m.32 views

Integer overflow

Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT...

4.6CVSS8.5AI score0.0019EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/04/23 12:0 a.m.13 views

The vulnerability of the HTMLParser module from django.utils.html.strip_tags in the Django web development framework allows a attacker to cause a denial-of-service attack.

The vulnerability of the HTMLParser module in django.utils.html.striptags of the Django web development framework is related to a slow evaluation of large input data, which contain large sequences of incomplete HTML objects. Exploiting this vulnerability may allow an attacker to cause service...

7.8CVSS6.8AI score0.03172EPSS
Exploits0References9Affected Software7
BDU FSTEC
BDU FSTEC
added 2020/04/23 12:0 a.m.9 views

The vulnerability of the console-based graphic editor ImageMagick, which allows a hacker to trigger a service failure

The vulnerability of the console-based graphic editor ImageMagick is caused by a numerical overflow. Exploiting this vulnerability allows an attacker, operating remotely, to cause a service failure termination of the application by sending large input data...

6.8CVSS7AI score0.01457EPSS
Exploits1References9Affected Software8
CNVD
CNVD
added 2019/11/08 12:0 a.m.2 views

CoreCrypto Component Denial of Service Vulnerability in Multiple Apple Products

Apple tvOS is a smart TV operating system. apple iTunes for Windows is a Windows-based media player application. apple iCloud for Windows is a Windows-based cloud service. apple iCloud for Windows is a Windows-based media player application. apple iTunes for Windows is a Windows-based media playe...

7.8CVSS6.4AI score0.02405EPSS
Exploits0References1
OSV
OSV
added 2019/10/14 2:15 a.m.3 views

ALPINE-CVE-2019-17543

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This issue can also lead to data corruption. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...

8.1CVSS7.3AI score0.09116EPSS
Exploits0References1
OSV
OSV
added 2019/10/14 2:15 a.m.4 views

DEBIAN-CVE-2019-17543

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This issue can also lead to data corruption. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...

8.1CVSS7.4AI score0.09116EPSS
Exploits0References1
OSV
OSV
added 2018/08/09 8:55 p.m.8 views

GHSA-9CP3-FH5X-XFCJ Regular Expression Denial of Service in charset

Affected versions of charset are susceptible to a regular expression denial of service. The amplification on this vulnerability is relatively low - it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length. If node was compiled using the...

7.5CVSS6AI score0.01656EPSS
Exploits1References5
OSV
OSV
added 2018/07/24 8:14 p.m.1 views

GHSA-G7Q5-PJJR-GQVP Regular Expression Denial of Service in tough-cookie

Affected versions of tough-cookie are susceptible to a regular expression denial of service. The amplification on this vulnerability is relatively low - it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length. If node was compiled using the...

7.5CVSS6AI score0.03283EPSS
Exploits0References13
Snyk
Snyk
added 2018/03/05 4:2 p.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview io.konig:diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. This can cause an impact of about 10 seconds matching time for data 48K characters long. Disclosure Timeline Feb 15th, 2018 -...

7.1CVSS6.7AI score
Exploits0References3
Snyk
Snyk
added 2018/03/05 4:2 p.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview com.sksamuel.diff:diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. This can cause an impact of about 10 seconds matching time for data 48K characters long. Disclosure Timeline Feb 15th,...

7.1CVSS6.7AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2016/12/15 10:11 p.m.3 views

openssl: EVP_EncodeUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...

7.5CVSS7.8AI score0.3965EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2016/12/15 10:11 p.m.5 views

openssl: EVP_EncryptUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncryptUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of t...

7.5CVSS7.8AI score0.27261EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2016/10/18 7:8 a.m.11 views

openssl: EVP_EncodeUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...

7.5CVSS7.8AI score0.3965EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2016/10/12 4:57 p.m.7 views

openssl: EVP_EncryptUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncryptUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of t...

7.5CVSS7.8AI score0.27261EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2016/08/22 6:7 p.m.6 views

openssl: EVP_EncodeUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...

7.5CVSS7.8AI score0.3965EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2016/08/22 6:7 p.m.8 views

openssl: EVP_EncryptUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncryptUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of t...

7.5CVSS7.8AI score0.27261EPSS
Exploits1References5
Rows per page
Query Builder