Lucene search
K

436 matches found

Debian CVE
Debian CVE
added 2018/05/31 7:0 p.m.34 views

CVE-2018-11627

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...

6.1CVSS6.2AI score0.02212EPSS
Exploits1
Cvelist
Cvelist
added 2018/05/31 7:0 p.m.29 views

CVE-2018-11627

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...

5.9AI score0.02212EPSS
Exploits1References4
RubySec
RubySec
added 2018/05/31 12:0 a.m.23 views

XSS via the 400 Bad Request page

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...

6.1CVSS3.6AI score0.02212EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/04/28 12:0 a.m.5 views

Foxit Reader ConvertToPDF_x86 jpg Parsing Out-of-Bounds Read Information Disclosure Vulnerability (CNVD-2018-09958)

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of interactive properties of the PrintParams object, due to a lack of proper memory initialization before accessing memory, which can be exploited by an attacker to obtain...

6.5CVSS7.2AI score0.02704EPSS
Exploits0References1
CNVD
CNVD
added 2018/02/28 12:0 a.m.2 views

zsh Denial of Service Vulnerability

Z Shell Zsh is a Unix shell that can be used as an interactive login shell and a powerful shell script command interpreter. A denial of service vulnerability exists in params.c in zsh versions 5.4.2 and earlier during the copying of an empty hash table. An attacker can exploit this vulnerability ...

7.5CVSS9.1AI score0.02682EPSS
Exploits0References1
CNVD
CNVD
added 2018/02/22 12:0 a.m.6 views

strongSwan rsa_pss_params_parse function denial of service vulnerability

strongSwan is a complete IPsec implementation for Linux 2.6, 3.x and 4.x kernels. A denial of service vulnerability exists in the rsapssparamsparse function in libstrongswan/credentials/keys/signatureparams.c in strongSwan 5.6.1. The vulnerability allows remote attackers to submit special...

5.3CVSS6.8AI score0.01069EPSS
Exploits0References1
Hacker One
Hacker One
added 2018/01/29 6:39 p.m.19 views

MapsMarker.com e.U.: [Informational] Possible SQL Injection in inc/ajax-actions-frontend.php

At first, I thought, that my finding is a valid sql injection but I was wrong because of WordPress currently adding magic slashes to COOKIE/POST/GET - this is a very special behaviour which may be remove in the future. There are tons of requests to remove this "old" technique. Nevertheless I...

8.5AI score
Exploits0
OSV
OSV
added 2017/11/21 5:29 p.m.4 views

UBUNTU-CVE-2017-7550

A flaw was found in the way Ansible 2.3.x before 2.3.3, and 2.4.x before 2.4.1 passed certain parameters to the jenkinsplugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in th...

9.8CVSS7.2AI score0.0353EPSS
Exploits0References2
OSV
OSV
added 2017/11/21 5:29 p.m.5 views

DEBIAN-CVE-2017-7550

A flaw was found in the way Ansible 2.3.x before 2.3.3, and 2.4.x before 2.4.1 passed certain parameters to the jenkinsplugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in th...

9.8CVSS7.9AI score0.0353EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/11/02 12:0 a.m.8 views

PT-2017-17794

Name of the Vulnerable Software and Affected Versions Ansible versions 2.3.x through 2.3.2 Ansible versions 2.4.x through 2.4.0 Description A flaw was found in the way Ansible passed certain parameters to the jenkins plugin module, allowing remote attackers to expose sensitive information from a...

9.8CVSS7.3AI score0.0353EPSS
Exploits0References174
Fortinet
Fortinet
added 2017/10/24 12:0 a.m.56 views

FortiOS DoS on webUI through 'params' JSON parameter

An authenticated user may pass a specially crafted payload to the 'params' parameter of the JSON web API URLs with /json , which can cause the web user interface to be temporarily unresponsive...

4CVSS2AI score0.01745EPSS
Exploits0Affected Software1
OSV
OSV
added 2017/09/21 3:29 p.m.2 views

CVE-2017-9677

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msmcomprioctlshared, variable "ddp-paramslength" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, ra...

7.8CVSS6AI score0.00306EPSS
Exploits0References2
CNVD
CNVD
added 2017/06/27 12:0 a.m.5 views

LAME lame_init_params function denial of service vulnerability

LAME is LAME team developed a set of open source MP3 audio compression software . A security vulnerability exists in the 'lameinitparams' function in the lame.c file of the libmp3lame.a file in LAME version 3.99.5. A remote attacker can exploit this vulnerability to cause a denial of service...

5.5CVSS6.7AI score0.01422EPSS
Exploits0References1
OSV
OSV
added 2017/05/05 6:29 p.m.3 views

CVE-2017-8760

An issue was discovered on Accellion FTA devices before FTA912180. There is XSS in courier/1000@/index.html with the authparams parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads,...

6.1CVSS5.8AI score0.01122EPSS
Exploits1References1
RubySec
RubySec
added 2017/01/11 12:0 a.m.15 views

omniauth leaks authenticity token in callback params

In strategy.rb in OmniAuth before 1.3.2, the authenticitytoken value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...

7.5CVSS4.8AI score0.02143EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/11/08 12:0 a.m.30 views

Fedora 24 : ghostscript (2016-3dad5dfd03)

This update fixes a rare ocasion where ghostscript would fail when displaying .ps files. More info can be found here. ---- This is a security update for these CVEs : - CVE-2016-8602 - check for sufficient params in .sethalftone5 - CVE-2016-7977 - .libfile does not honor -dSAFER This CVE is now...

7.8CVSS7.2AI score0.04566EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2016/06/29 12:0 a.m.3 views

PT-2016-3472 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.6-rc6-next-20120917 Description: The issue is related to an integer overflow in the snd compr allocate buffer function in the ALSA subsystem. This can be exploited by local users via a crafted SNDRV COMPRESS S...

7.8CVSS3.8AI score0.00318EPSS
Exploits0References15
CNVD
CNVD
added 2016/06/28 12:0 a.m.5 views

Linux kernel ALSA subsystem denial of service vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the 'sndcompresscheckinput' function in the sound/core/compressoffload.c file in the ALSA subsystem of the Linux kernel prior to version 3.1...

7.8CVSS7.3AI score0.00384EPSS
Exploits0References1
OSV
OSV
added 2016/06/27 10:59 a.m.2 views

DEBIAN-CVE-2014-9904

The sndcompresscheckinput function in sound/core/compressoffload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service insufficient memory allocation or possibly have unspecified other impact...

7.8CVSS6.6AI score0.00384EPSS
Exploits0References1
CNVD
CNVD
added 2015/06/26 12:0 a.m.4 views

Rack 'normalize_params()' function denial of service vulnerability

Rack is a Ruby Web server interface that unifies APIs for Web servers, Web frameworks, and middleware, and supports calling them using a single method. A security vulnerability in the Rack 'normalizeparams' function allows remote attackers to conduct denial-of-service attacks that can be exploite...

5CVSS6.9AI score0.07778EPSS
Exploits0References1
Rows per page
Query Builder