9418 matches found
CVE-2015-5694
Designate does not enforce the DNS protocol limit concerning record set sizes...
CVE-2015-5694
Designate does not enforce the DNS protocol limit concerning record set sizes...
DEBIAN-CVE-2015-5694
Designate does not enforce the DNS protocol limit concerning record set sizes...
Code injection
Designate does not enforce the DNS protocol limit concerning record set sizes...
UBUNTU-CVE-2015-5694
Designate does not enforce the DNS protocol limit concerning record set sizes...
PYSEC-2019-243
Designate does not enforce the DNS protocol limit concerning record set sizes...
PYSEC-2019-243
Designate does not enforce the DNS protocol limit concerning record set sizes...
CVE-2015-5694
Technical details for CVE-2015-5694 are not publicly available in the provided documents. Monitor for updates.
CVE-2015-5694
Designate does not enforce the DNS protocol limit concerning record set sizes...
DEBIAN-CVE-2019-14818
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file...
PSF-2019-14 Regular Expression Denial of Service in http.cookiejar
The regex http.cookiejar.LOOSEHTTPDATERE is vulnerable to regular expression denial of service "REDoS". LOOSEHTTPDATERE.match is called when using http.cookiejar.CookieJar to parse Set-Cookie headers returned by a HTTP server. Processing a response from a malicious HTTP server can lead to extreme...
CVE-2019-2205
In ProxyResolverV8::SetPacScript of proxyresolverv8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...
Magento Cross-Site Scripting via Attribute Set Name
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products...
GHSA-XV69-F7X5-R4QW Magento Cross-Site Scripting via Attribute Set Name
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products...
UBUNTU-CVE-2019-14818
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file...
UBUNTU-CVE-2019-18862
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode...
The vulnerability of D-Link DIR-823G router’s microprogramming software lies in the lack of measures to clean incoming data in the SetStaticRouteSettings field. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of D-Link DIR-823G router’s microprogramming software is related to the lack of measures for cleaning incoming data in the SetStaticRouteSettings field. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the...
Cross site scripting
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products...
CVE-2019-8145
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products...
The vulnerability of the curl_url_set() function in the libcurl library allows a hacker to trigger a service failure.
The vulnerability of the curlurlset function in the libcurl library is related to integer overflow. Exploiting this vulnerability could allow a remote attacker to cause a service failure...