137 matches found
CGI: Denial of Service in CGI::Cookie.parse
A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...
spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...
SAMSUNG Exynos 2400和SAMSUNG Exynos 1480 缓冲区错误漏洞
SAMSUNG Exynos 2400 and SAMSUNG Exynos 1480 are both cell phone chip processors from Samsung South Korea. A security vulnerability exists in the SAMSUNG Exynos 2400 and SAMSUNG Exynos 1480 that stems from a missing length check that could lead to out-of-bounds writes...
ASB-A-386802855
In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-22761
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious...
CVE-2021-22753
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition...
CVE-2025-46687
quickjs-ng through 0.9.0 has a missing length check in JSReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a missing length check in the JSReadString function. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Commit - GitHub Issue - GitHub Issue -...
QuickJS 安全漏洞
QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS 0.9.0 and earlier versions, which stems from a lack of length checking in JSReadString, and may result in a heap buffer overflow...
CVE-2025-46687
quickjs-ng through 0.9.0 has a missing length check in JSReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...
TRENDnet TEG-40128 安全漏洞
The TRENDnet TEG-40128 is a smart switch from Trendnet, Inc. A security vulnerability exists in the TRENDnet TEG-40128 v1 1.00.023 version, which stems from a lack of length validation and a buffer overflow vulnerability that could cause a remote target device to crash or execute arbitrary comman...
CVE-2024-57482
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST reques...
CVE-2024-6258
BT: Missing length checks of netbuf in rfcommhandledata...
CVE-2024-6258
BT: Missing length checks of netbuf in rfcommhandledata...
PT-2024-37489
Name of the Vulnerable Software and Affected Versions: Linux Kernel's RFCOMM Module affected versions not specified Description: The issue is related to a buffer overflow vulnerability due to missing length checks of net buf in the rfcomm handle data function. Recommendations: At the moment, ther...
In the Elliptic package 6.5.6 for Node.js EDDSA signature malleability occurs because there is a missing signature length check and thus zero-valued bytes can be removed or appended.
...
PT-2024-25098 · Qualcomm · Snapdragon +173
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a Transient Denial of Service DOS that occurs when parsing the multi-link element Control field, specifically when a common...
Elliptic's EDDSA missing signature length check
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
AZL-47421 CVE-2024-42459 affecting package reaper for versions less than 3.1.1-11
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...