Lucene search
K

10 matches found

Cvelist
Cvelist
added 2026/05/01 2:45 p.m.30 views

CVE-2026-7583 Open5GS BSF context.c bsf_sess_find_by_ipv6prefix denial of service

A flaw has been found in Open5GS up to 2.7.7. This issue affects the function bsfsessfindbyipv6prefix of the file /src/bsf/context.c of the component BSF. This manipulation of the argument ipv6Prefix causes denial of service. It is possible to initiate the attack remotely. The exploit has been...

5.3CVSS0.00271EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/08 12:4 a.m.7 views

File Browser has an access rule bypass via HasPrefix without trailing separator in path matching

Hi, The Matches function in rules/rules.go uses strings.HasPrefix without a trailing directory separator when matching paths against access rules. A rule for /uploads also matches /uploadsbackup/, granting or denying access to unintended directories. Verified against v2.62.2 commit 860c19d. Detai...

7.5CVSS5.9AI score0.00392EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2025/12/09 8:32 a.m.3 views

expat: large number of colons in input makes parser consume high amount of resources, leading to DoS

It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service...

7.8CVSS7.2AI score0.07107EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.2 views

SUSE CVE-2013-1772

The logprefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service buffer overflow and system crash by leveraging /dev/kmsg write access and triggering a...

4CVSS6.4AI score0.00377EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.1 views

SUSE CVE-2015-1270

The ucnviogetConverterName function in common/ucnvio.cpp in International Components for Unicode ICU, as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service read of uninitialized memory or...

6.8CVSS9.3AI score0.02732EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2021/03/11 8:0 a.m.5 views

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

8.2CVSS8.2AI score0.0061EPSS
Exploits0
OSV
OSV
added 2013/02/28 7:55 p.m.1 views

DEBIAN-CVE-2013-1772

The logprefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service buffer overflow and system crash by leveraging /dev/kmsg write access and triggering a...

4CVSS6.3AI score0.00377EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2010/04/30 12:0 a.m.10 views

Mandriva Update for iproute2 MDVA-2010:137 (iproute2)

Check for the Version of iproute2 OpenVAS Vulnerability Test Mandriva Update for iproute2 MDVA-2010:137 iproute2 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

7.4AI score
Exploits0References2
OpenVAS
OpenVAS
added 2010/04/30 12:0 a.m.17 views

Mandriva Update for iproute2 MDVA-2010:137 (iproute2)

Check for the Version of iproute2 OpenVAS Vulnerability Test Mandriva Update for iproute2 MDVA-2010:137 iproute2 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Exploits0References2
ThreatPost
ThreatPost
added 2009/09/30 5:24 p.m.5 views

Researcher Publishes Valid Wildcard SSL Certificate

In the wake of Moxie Marlinspike’s SSL talk at Black Hat this summer, another security researcher has used the technique described in the talk to create and publish a valid wildcard certificate and private key that could be used to fool browsers into believing a site is legitimate when it is in...

0.7AI score
Exploits0References7
Rows per page
Query Builder