1078 matches found
Regular Expression Denial of Service (ReDoS)
Overview: rexml is an XML toolkit for Ruby. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expressions in CHARACTERREFERENCES. This vulnerability can be exploited when parsing XML content containing numerous...
REXML ReDoS vulnerability
Impact: The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...
A vulnerability in the desktop publishing system Adobe Framemaker, caused by an integer overflow, allows an attacker to execute arbitrary code.
The vulnerability in the desktop publishing system Adobe Framemaker arises from a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user, using a specially crafted file...
MAL-2024-9765 Malicious code in plugin-transform-numeric-separator (npm)
Malicious code in plugin-transform-numeric-separator (npm)
Adobe Framemaker Numeric Error Vulnerability
Adobe Framemaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. A numeric error vulnerability exists in Adobe Framemaker that stems from an integer underflow. An attacker could...
Adobe Framemaker Numeric Error Vulnerability
Adobe Framemaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. A numeric error vulnerability exists in Adobe Framemaker that stems from an integer underflow. An attacker could...
A vulnerability in the LZ4 data compression algorithm, which involves errors in number processing, allows an attacker to cause a service failure.
The vulnerability in the lossless LZ4 data compression algorithm is related to errors in number processing. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
PT-2024-6359 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server (affected versions not specified). Description: The issue is related to errors in numerical truncation in the Microsoft SQL Server system, which can allow a remote attacker to gain unauthorized access to protected informatio...
ABB Freelance AC 900F and AC 700F Numeric Range Comparison Without Minimum Check (CVE-2023-0425)
ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make th...
ZKsync Era Security Vulnerability
ZKsync Era is an open source compiler from Matter Labs. A security vulnerability exists in versions of ZKsync Era prior to 1.5.3, which stems from LLVM mishandling of specific instructions during optimization, resulting in a numeric expansion error that affects contract execution on EraVM...
A vulnerability in the IP address checking function in FortiOS operating systems and FortiProxy proxy servers allows attackers to circumvent existing security restrictions.
The vulnerability in the IP address checking function in FortiOS operating systems and FortiProxy proxy servers for protecting against Internet attacks is related to the improper handling of numerical parameters based on different criteria. Exploiting this vulnerability allows a malicious actor t...
A vulnerability in the implementation of the Secure Boot protocol for Windows operating systems allows attackers to circumvent existing security restrictions.
The vulnerability in the Secure Boot protocol for loading Windows operating systems is related to a numerical overflow condition. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
A vulnerability in the implementation of the Secure Boot protocol for Windows operating systems allows attackers to circumvent existing security restrictions.
The vulnerability in the Secure Boot protocol for Windows operating systems is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to bypass existing security restrictions remotely...
Numeric Truncation Error
Overview: Affected versions of this package are vulnerable to Numeric Truncation Error through the handling of specially crafted inputs. An attacker can execute arbitrary code on the target system by sending a malformed data packet. Remediation: Upgrade Microsoft.Azure.Kinect.Sensor to version or...
PT-2024-5554 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiProxy versions 7.4.3 and below; FortiProxy versions 7.2.10 and below; FortiProxy versions 7.0.17 and below; FortiOS versions 7.4.3 and below; FortiOS versions 7.2.8 and below; FortiOS versions 7.0.15 and below. Description: The issue is relate...
CVE-2024-38661
In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modifybitmap A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007 R3:00000003fe5b8007...
CVE-2024-6125
CVE-2024-6125 is a WordPress plugin vulnerability in Login with phone number up to version 1.7.34. The issue allows unauthenticated password resets by guessing a 6-digit numeric code because the reset code is weak and there is no limit on attempts or time. Public sources confirm the root cause as...
CVE-2023-7264 Build App Online <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 4-digit numeric reset code...
CVE-2023-7264
The Build App Online plugin for WordPress (all versions up to 1.0.21) is vulnerable due to a weak password reset mechanism. An unauthenticated attacker can reset arbitrary user passwords by guessing a 4‑digit numeric reset code, enabling account takeover with high impact (C/H/I/A). The connected ...