Lucene search
K

182 matches found

Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.7 views

PT-2025-6687

Name of the Vulnerable Software and Affected Versions grub2 affected versions not specified Description A flaw in the JPEG parser allows a specially crafted JPEG file to cause incorrect bounds checking of internal buffers, leading to an out-of-bounds write. This condition could potentially allow ...

6.8CVSS6.7AI score0.00243EPSS
Exploits0References157
AlpineLinux
AlpineLinux
added 2025/01/27 5:6 p.m.15 views

CVE-2025-22604

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ssnetsnmpdiskio or ssnetsnmpdiskbytes, a part of each OID will be used as a key in an array that is...

9.1CVSS6.9AI score0.0529EPSS
Exploits1References3
OSV
OSV
added 2024/11/15 12:15 p.m.5 views

CVE-2024-11237

A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3vT TTV6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be...

9.8CVSS6.2AI score0.05198EPSS
Exploits3References6
RedHat Linux
RedHat Linux
added 2024/11/12 10:29 a.m.4 views

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

4.3CVSS7.4AI score0.00839EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/11/12 10:25 a.m.4 views

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

4.3CVSS7.4AI score0.00839EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/11/06 2:57 p.m.3 views

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

4.3CVSS7.4AI score0.00839EPSS
Exploits0References8
Amazon
Amazon
added 2024/10/31 12:0 a.m.3 views

Medium: python38

Issue Overview: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which...

5.3CVSS6.9AI score0.02527EPSS
Exploits1
OSV
OSV
added 2024/10/03 4:15 p.m.2 views

DEBIAN-CVE-2024-36474

An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-boun...

7.8CVSS6.8AI score0.00403EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/04/01 1:31 a.m.4 views

ruby: ReDoS vulnerability in URI

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...

5.3CVSS7.5AI score0.02637EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/03/18 9:47 a.m.5 views

JSON-java: parser confusion leads to OOM

A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service DoS...

7.5CVSS6.7AI score0.01449EPSS
Exploits1References6
OSV
OSV
added 2024/02/20 6:43 p.m.6 views

CVE-2023-6247

The PKCS7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing...

6.5CVSS6.9AI score0.00778EPSS
Exploits0References3
OSV
OSV
added 2024/02/13 2:15 p.m.7 views

AZL-34560 CVE-2023-4408 affecting package bind for versions less than 9.19.21-1

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects bot...

7.5CVSS6.7AI score0.01327EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/02/12 10:26 a.m.8 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

7.5CVSS6.8AI score0.02191EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2024/01/24 5:52 p.m.2 views

CVE-2024-23904

Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...

7.8AI score0.00875EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2023/12/07 12:0 a.m.7 views

VulnCheck KEV: CVE-2012-1461

The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus...

4.3CVSS5.8AI score0.91746EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/11/30 12:0 a.m.5 views

The vulnerability of the MXF-file parsers of the Gstreamer multimedia framework allows a hacker to execute arbitrary code.

The vulnerability of Gstreamer’s MXF files parser is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.4AI score0.01744EPSS
Exploits0References11Affected Software8
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.4 views

GStreamer Security Vulnerability

GStreamer is a set of frameworks for processing streaming media. A security vulnerability exists in GStreamer versions prior to 1.22.7, which stems from a heap-based buffer overflow vulnerability in the AV1 codec parser when processing certain malformed streams, which can be exploited by an...

8.8CVSS7.6AI score0.02189EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/09/29 5:15 a.m.19 views

CVE-2023-44464

pretix before 2023.7.2 allows Pillow to parse EPS files...

7.8CVSS7.1AI score0.003EPSS
Exploits0References6
OSV
OSV
added 2023/03/20 3:15 p.m.3 views

UBUNTU-CVE-2023-28428

PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue ...

6.2CVSS5.8AI score0.00221EPSS
Exploits0References4
OSV
OSV
added 2023/03/01 8:15 a.m.2 views

DEBIAN-CVE-2023-20052

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...

5.3CVSS7.5AI score0.07003EPSS
Exploits5References1
Rows per page
Query Builder