Lucene search
K

88 matches found

RedHat Linux
RedHat Linux
added 2020/08/26 10:11 a.m.5 views

Mozilla: Out of bound read in Date.parse()

Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...

6.5CVSS7.3AI score0.01362EPSS
Exploits0References5
Veracode
Veracode
added 2020/07/24 3:38 a.m.19 views

Information Disclosure

parse is vulnerable to information disclosure. The setPassword function stores the user's password in localStorage as raw text, allowing a user to access the localStorage and obtain the password...

1.8AI score
Exploits0
CNVD
CNVD
added 2020/07/03 12:0 a.m.2 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2020-44565)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A buffer overflow vulnerability exists in Date.parse in versions prior to Mozilla Firefox 78. An attacker can exploit this vulnerability to obtain sensitive information...

6.5CVSS8.9AI score0.01362EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/02/04 12:0 a.m.5 views

PT-2020-19961 · Npm +2 · Url-Parse +2

Name of the Vulnerable Software and Affected Versions: url-parse versions 1.4.4 and earlier Description: The issue is related to insufficient validation and sanitization of user input in the url-parse npm package, which may allow an attacker to bypass security checks. Recommendations: For version...

10CVSS6.2AI score0.03805EPSS
Exploits7References32
OSV
OSV
added 2018/08/12 10:29 p.m.10 views

CVE-2018-3774

Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...

10CVSS9.7AI score
Exploits0References3
Veracode
Veracode
added 2017/05/02 9:47 a.m.9 views

Remote Code Execution

mongo-parse is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...

8.2AI score
Exploits0
OSV
OSV
added 2017/01/23 9:59 p.m.3 views

UBUNTU-CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service CPU consumption via crafted input in a parse call, aka a "regular expression denial of service ReDoS."...

7.5CVSS7.1AI score0.02358EPSS
Exploits1References2
OSV
OSV
added 2016/05/22 1:59 a.m.21 views

CVE-2016-4539

The xmlparseintostruct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service buffer under-read and segmentation fault or possibly have unspecified other impact via crafted XML data in the second argument,...

9.8CVSS8.2AI score
Exploits0References15
Rows per page
Query Builder