Lucene search
K

70 matches found

nvd
nvd
added 2025/05/07 11:15 p.m.24 views

CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...

7.5CVSS0.00911EPSS
Exploits0References4
cvelist
cvelist
added 2025/05/07 11:7 p.m.22 views

CVE-2025-46727 Unbounded-Parameter DoS in Rack::QueryParser

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...

7.5CVSS0.00911EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/05/06 12:0 a.m.2 views

Qualcomm Chipsets 缓冲区错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A buffer error vulnerability exists in Qualcomm Chipsets, which arises from memory corruption due to a buffer significantly exceeding the command parameter limit when processing an IOCTL request...

7.8CVSS7.2AI score0.00089EPSS
Exploits0References2
astralinux
astralinux
added 2025/02/11 7:35 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed a shift-out-of-bounds issue in dctcpupdatealpha. In dctcpupdatealpha, we use a module parameter dctcpshiftg as follows: alpha -= minnotzeroalpha, alpha dctcpshiftg; ... deliveredce...

5.5CVSS6.3AI score0.00247EPSS
Exploits0References3
susecve
susecve
added 2024/07/03 3:25 a.m.4 views

SUSE CVE-2024-34703

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameter...

5.3CVSS7.1AI score0.005EPSS
Exploits0References5
osv
osv
added 2024/06/30 9:15 p.m.6 views

ALPINE-CVE-2024-34703

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameter...

7.5CVSS7.1AI score0.005EPSS
Exploits0References1
cvelist
cvelist
added 2021/04/14 3:0 p.m.28 views

CVE-2021-27707

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.179502CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex" to strcpy without...

9.8AI score0.02828EPSS
Exploits1References1
hackerone
hackerone
added 2018/06/09 6:51 a.m.52 views

Liberapay: Buffer overflow

A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an arra...

1AI score
Exploits0
cvelist
cvelist
added 2018/06/05 2:0 p.m.21 views

CVE-2016-9490 ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also...

6.2AI score0.01732EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2018/04/02 12:0 a.m.8 views

PT-2018-18916 · Openresty · Openresty

Name of the Vulnerable Software and Affected Versions: OpenResty versions 1.13.6.1 and earlier Description: The issue arises from how OpenResty obtains URI parameters using the ngx.req.get uri args and ngx.req.get post args functions, which ignore parameters beyond the hundredth one. This might...

9.8CVSS7.4AI score0.13683EPSS
Exploits1References5
Rows per page
Query Builder