Lucene search
K

213 matches found

OSV
OSV
added 2024/03/20 8:3 p.m.20 views

CVE-2024-28231 Manipulated DATA Submessage causes a heap-buffer-overflow error

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminate...

9.6CVSS8.9AI score0.00942EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/03/05 12:0 a.m.3 views

PT-2024-40053 · Eth Abi · Eth Abi

Name of the Vulnerable Software and Affected Versions: eth-abi affected versions not specified Description: The issue is related to a recursive pointer problem. It can cause an OverflowError when decoding a specially crafted payload using the decode function from the eth abi module. The error...

7.6AI score
Exploits0References4
OSV
OSV
added 2024/02/05 8:15 a.m.6 views

AZL-34885 CVE-2024-24861 affecting package kernel for versions less than 6.6.35.1-4

A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000getfrequency function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue...

6.3CVSS6.6AI score0.00205EPSS
Exploits0References1
Veracode
Veracode
added 2023/11/07 11:16 a.m.23 views

Stack Overflow

libsquashfs.so is vulnerable to Stack Overflow Error. The vulnerability is caused by an integer overflow in function readfragmenttable4 in a file unsquash-4.c while reading a return value from SQUASHFSFRAGMENTBYTES which can be larger than maximum value of a signed int. This can lead to applicati...

5.5CVSS7.3AI score0.0316EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2023/10/30 12:0 a.m.14 views

SUSE: Security Advisory (SUSE-SU-2023:4225-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.00261EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/08/08 5:21 p.m.64 views

CVE-2023-34454

A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service...

5.9CVSS6.9AI score0.01469EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/08/08 4:49 p.m.37 views

CVE-2023-34453

A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service...

5.9CVSS6.9AI score0.01707EPSS
Exploits1References3
Veracode
Veracode
added 2023/06/15 2:12 p.m.16 views

Denial Of Service (DOS)

The org.kopitubruk.util.JSONUtil library is vulnerable to Denial Of Service Attack DOS . The vulnerability is due to not restricting user supplied JSON to a maximum length causing Stack Overflow Error when the JSON is parsed leading to Denial Of Service DOS attack...

7.5CVSS6.8AI score0.00732EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2023/06/15 8:22 a.m.16 views

Denial Of Service (DOS)

The net.sf.sojo.sojo library is vulnerable to Denial Of Service Attack DOS . The vulnerability is due to not restricting user supplied JSON and CSV to a maximum length causing Stack Overflow Error/Out Of Memory -Heap Error when the input is parsed leading to Denial Of Service DOS attack...

7.5CVSS6.9AI score0.00845EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/05 12:0 a.m.47 views

Amazon Linux 2 : xstream (ALAS-2023-2007)

The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2007 advisory. XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the...

8.2CVSS7.2AI score0.08689EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.5 views

SUSE CVE-2022-41881

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...

7.5CVSS7.2AI score0.01466EPSS
Exploits1References6
Debian
Debian
added 2023/01/11 10:54 p.m.40 views

[SECURITY] [DLA 3267-1] libxstream-java security update

Debian LTS Advisory DLA-3267-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 11, 2023 https://wiki.debian.org/LTS Package : libxstream-java Version : 1.4.11.1-1+deb10u4 CVE ID : CVE-2022-41966 Debian Bug : 1027754 XStream serializes Java objects to XML a...

8.2CVSS6.8AI score0.08689EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/12/29 1:48 a.m.75 views

XStream can cause Denial of Service via stack overflow

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...

8.2CVSS7.7AI score0.08689EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/12/15 12:0 a.m.7 views

Apple iOS 输入验证错误漏洞

Apple iOS is an operating system developed by Apple Inc. for mobile devices. A security vulnerability exists in iOS prior to 15.6, iPadOS prior to 15.6, and macOS Monterey prior to 12.5, which stems from an integer overflow issue in input validation, and may allow an application to execute...

7.8CVSS7.9AI score0.00325EPSS
Exploits1References3
OSV
OSV
added 2022/12/14 6:6 p.m.34 views

GO-2022-1167 Denial of service in string value parsing in helm.sh/helm/v3

Applications that use the strvals package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes an error that cannot be recovered from. The strvals package contains a parser that turns strings into Go structures. For example, the Helm client has comman...

7.5CVSS7.1AI score0.0076EPSS
Exploits0References2
OSV
OSV
added 2022/12/12 6:15 p.m.4 views

UBUNTU-CVE-2022-41881

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...

7.5CVSS6.8AI score0.01466EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/11/25 12:0 a.m.4 views

PT-2022-36789 · Git +1 · Harfbuzz

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the next function in OT::hb ot apply context...

6.8AI score
Exploits0References2
Snyk
Snyk
added 2022/10/19 6:23 a.m.5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the FTS3 extension, due to 32-bit signed integer overflow. In order to exploit this vulnerability, the attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3...

4.1CVSS7.6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/08 12:0 a.m.4 views

PT-2022-36669 · Git +1 · Ndpi

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the functions ndpi search irc tcp, check ndpi...

6.8AI score
Exploits0References2
OpenVAS
OpenVAS
added 2022/09/15 12:0 a.m.25 views

Adobe Photoshop Multiple Vulnerabilities (APSB21-109) - Windows

Adobe Photoshop is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS6.5AI score0.01979EPSS
Exploits0References1
Rows per page
Query Builder