Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/05/28 7:25 a.m.18 views

CVE-2026-4408 Samba: remote code execution in samr

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9CVSS5.9AI score0.02501EPSS
Exploits0References17
Cvelist
Cvelist
added 2026/04/02 4:44 p.m.186 views

CVE-2026-35386

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...

3.6CVSS0.00247EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/04/23 10:34 a.m.9 views

rexml: DoS vulnerability in REXML

An uncontrolled resource consumption vulnerability was found in REXML. When parsing an untrusted XML with many specific characters such as , it can lead to a denial of service...

4.3CVSS7.3AI score0.01493EPSS
Exploits0References6
OSV
OSV
added 2023/11/06 8:15 p.m.4 views

CVE-2023-5719

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent % character, invalid values will be included, potentially truncating...

9.8CVSS5.8AI score0.0051EPSS
Exploits0References2
OSV
OSV
added 2022/12/22 8:15 p.m.5 views

CVE-2022-31739

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.This bug only affects Firefox for Windows. Other operating systems are unaffected.. This...

8.8CVSS7.4AI score0.00662EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2017/12/14 12:0 a.m.6 views

The vulnerability of the SSH Dropbear session management software lies in insufficient input data validation, allowing an attacker to execute arbitrary code.

The vulnerability of the SSH Dropbear session management software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by using the percent symbol “%” as a format specifier in arguments for “username” or “host”...

10CVSS8.2AI score0.10494EPSS
Exploits0References7Affected Software1
CNVD
CNVD
added 2017/04/05 12:0 a.m.4 views

cURL Information Disclosure Vulnerability

cURL is a command line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. An information disclosure vulnerability exists in the ourWriteOut function of toolwriteout.c in cURL 7.53.1, where an attacker can obtain sensitive information by reading the...

2.4CVSS6.8AI score0.00581EPSS
Exploits0References1
OSV
OSV
added 2017/04/03 12:0 a.m.5 views

UBUNTU-CVE-2017-7407

The ourWriteOut function in toolwriteout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a...

2.4CVSS6.8AI score0.00581EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/06/25 7:14 p.m.2 views

curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs

Heap-based buffer overflow in the curleasyunescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted string ending in a "%" percent character...

6.8CVSS7.3AI score0.11118EPSS
Exploits2References4
Rows per page
Query Builder