Lucene search
K

137 matches found

RedHat Linux
RedHat Linux
added 2025/07/02 2:32 p.m.5 views

CGI: Denial of Service in CGI::Cookie.parse

A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...

7.5CVSS5.7AI score0.00784EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/01 4:53 p.m.7 views

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

7.4CVSS7.1AI score0.00568EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/02 12:0 a.m.3 views

SAMSUNG Exynos 2400和SAMSUNG Exynos 1480 缓冲区错误漏洞

SAMSUNG Exynos 2400 and SAMSUNG Exynos 1480 are both cell phone chip processors from Samsung South Korea. A security vulnerability exists in the SAMSUNG Exynos 2400 and SAMSUNG Exynos 1480 that stems from a missing length check that could lead to out-of-bounds writes...

9.1CVSS6.5AI score0.00375EPSS
Exploits0References4
OSV
OSV
added 2025/06/01 12:0 a.m.49 views

ASB-A-386802855

In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.6AI score0.00076EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.5 views

CVE-2021-22761

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious...

7.8CVSS7.2AI score0.00665EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:16 p.m.5 views

CVE-2021-22753

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition...

7.8CVSS7.7AI score0.01172EPSS
Exploits0References1
OSV
OSV
added 2025/04/27 8:15 p.m.11 views

CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JSReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

7.8CVSS5.6AI score
Exploits0References6
Snyk
Snyk
added 2025/04/27 7:44 p.m.2 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a missing length check in the JSReadString function. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Commit - GitHub Issue - GitHub Issue -...

7.8CVSS6.8AI score0.00247EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/04/27 12:0 a.m.32 views

QuickJS 安全漏洞

QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS 0.9.0 and earlier versions, which stems from a lack of length checking in JSReadString, and may result in a heap buffer overflow...

5.6CVSS5.9AI score0.00247EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2025/04/27 12:0 a.m.13 views

CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JSReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

7.8CVSS6.2AI score0.00247EPSS
Exploits1
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.3 views

TRENDnet TEG-40128 安全漏洞

The TRENDnet TEG-40128 is a smart switch from Trendnet, Inc. A security vulnerability exists in the TRENDnet TEG-40128 v1 1.00.023 version, which stems from a lack of length validation and a buffer overflow vulnerability that could cause a remote target device to crash or execute arbitrary comman...

5.9CVSS7.6AI score0.0015EPSS
Exploits0References2
OSV
OSV
added 2025/01/14 10:15 p.m.4 views

CVE-2024-57482

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST reques...

9.8CVSS6.4AI score0.00725EPSS
Exploits0References2
NVD
NVD
added 2024/09/13 7:15 p.m.34 views

CVE-2024-6258

BT: Missing length checks of netbuf in rfcommhandledata...

6.8CVSS0.00433EPSS
Exploits1References1
OSV
OSV
added 2024/09/13 7:15 p.m.6 views

CVE-2024-6258

BT: Missing length checks of netbuf in rfcommhandledata...

6.5CVSS5.5AI score0.00433EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.6 views

PT-2024-37489

Name of the Vulnerable Software and Affected Versions: Linux Kernel's RFCOMM Module affected versions not specified Description: The issue is related to a buffer overflow vulnerability due to missing length checks of net buf in the rfcomm handle data function. Recommendations: At the moment, ther...

6.8CVSS6.7AI score0.00433EPSS
Exploits1References6
Microsoft CVE
Microsoft CVE
added 2024/09/11 7:0 a.m.3 views

In the Elliptic package 6.5.6 for Node.js EDDSA signature malleability occurs because there is a missing signature length check and thus zero-valued bytes can be removed or appended.

...

5.3CVSS9.3AI score0.00302EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/09/02 12:0 a.m.6 views

PT-2024-25098 · Qualcomm · Snapdragon +173

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a Transient Denial of Service DOS that occurs when parsing the multi-link element Control field, specifically when a common...

7.5CVSS6.5AI score0.00297EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/08/02 9:31 a.m.26 views

Elliptic's EDDSA missing signature length check

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

5.3CVSS7.1AI score0.00302EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2024/08/02 7:16 a.m.7 views

AZL-47421 CVE-2024-42459 affecting package reaper for versions less than 3.1.1-11

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

5.3CVSS6.6AI score0.00302EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2024/08/02 12:0 a.m.18 views

CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

5.3CVSS6.7AI score0.00302EPSS
Exploits1References2
Rows per page
Query Builder