20 matches found
CVE-2026-34404
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a Denial of Service DoS vulnerability. The issue arises because there is no restriction on the width and height...
CVE-2019-25378
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHESIZE, MAXSIZE, MINSIZE, MAXOUTGOINGSIZE, and MAXINCOMINGSIZE. Attackers can submit POS...
CVE-2019-25378
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHESIZE, MAXSIZE, MINSIZE, MAXOUTGOINGSIZE, and MAXINCOMINGSIZE. Attackers can submit POS...
CVE-2019-25378 Smoothwall Express 3.1 'proxy.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHESIZE, MAXSIZE, MINSIZE, MAXOUTGOINGSIZE, and MAXINCOMINGSIZE. Attackers can submit POS...
PT-2026-8361
Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE SIZE, MAX SIZE, MIN SIZE, MAX OUTGOING SIZE, and MAX INCOMING SIZE. Attackers can...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992364)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992364 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fix array overflow in stsetup Change the array size to follow parms size instead of a...
EUVD-2008-5594
Malware in sbrugna...
CVE-2025-21464
Information disclosure while reading data from an image using specified offset and size parameters...
CVE-2025-21464
Information disclosure while reading data from an image using specified offset and size parameters...
CVE-2022-0750
The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnailwidth, thumbnailheight, maximagewidth, and maximageheight parameters found in the /photoswipe-masonry.php file which allows authenticated attackers t...
Gazelle cross-site scripting vulnerability (CNVD-2017-05135)
Gazelle is a set of web frameworks for BitTorrent trackers. A cross-site scripting vulnerability exists in versions of Gazelle prior to 2017-03-19 that stems from the program failing to adequately filter the torrents and size parameters. A remote attacker could use this vulnerability to execute...
python: buffer() integer overflow leading to out of bounds read
An integer overflow flaw was found in the way the buffer function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash...
Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer — Mozilla
Mozilla intern Julian Hector discovered a regression in the graphics buffer management of Firefox OS's graphics layer that would lead to graphics memory corruption by providing negative size parameters. JavaScript can not access the graphics layer in a way required to trigger this vulnerability,...
Affix Bluetooth Protocol Stack 3.1/3.2 Signed Buffer Index Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/13347/info A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters. This issue may b...
CVE-2008-5620
RoundCube Webmail roundcubemail before 0.2-beta allows remote attackers to cause a denial of service memory consumption via crafted size parameters that are used to create a large quota image...
Design/Logic Flaw
RoundCube Webmail roundcubemail before 0.2-beta allows remote attackers to cause a denial of service memory consumption via crafted size parameters that are used to create a large quota image...
CVE-2008-5620
RoundCube Webmail roundcubemail before 0.2-beta allows remote attackers to cause a denial of service memory consumption via crafted size parameters that are used to create a large quota image...
CVE-2008-5620
RoundCube Webmail roundcubemail before 0.2-beta allows remote attackers to cause a denial of service memory consumption via crafted size parameters that are used to create a large quota image...
DEBIAN-CVE-2008-5620
RoundCube Webmail roundcubemail before 0.2-beta allows remote attackers to cause a denial of service memory consumption via crafted size parameters that are used to create a large quota image...
CVE-2008-5620
RoundCube Webmail roundcubemail before 0.2-beta allows remote attackers to cause a denial of service memory consumption via crafted size parameters that are used to create a large quota image...