Lucene search
+L

173 matches found

Veracode
Veracode
added 2023/08/22 11:14 a.m.27 views

Remote Code Execution (RCE)

org.jenkins-ci.plugins: convert-to-pipeline is vulnerable to Remote Code Execution RCE. The vulnerability exists due to improperly converting the build environment, build steps, and post-build actions of freestyle projects to the corresponding pipeline step invocations via simple string...

9.8CVSS7.9AI score0.00779EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/06/12 12:0 a.m.4 views

Node.js 安全特征问题漏洞

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in versions of Node.js prior to version 3.2.1 that stems from the crypto-js package generating random numbers by concatenating strings, but using integers, which makes the output predictable...

5.3CVSS6.7AI score0.01075EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/05/16 9:8 a.m.6 views

php: Overflowing the length of string causes crash

An integer overflow vulnerability in PHP can lead to a buffer overflow when constructing extremely long strings with the ".=" operator. In unusual circumstances, this could be used by an attacker to cause an application to crash or possibly have other consequences...

9.8CVSS7.7AI score0.07191EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2023/04/04 12:0 a.m.9 views

The vulnerability of the `findGarbageCode` function of the Cppcheck static analyzer allows an attacker to trigger a service failure by attempting to read beyond the allocated memory boundary.

The vulnerability of the findGarbageCode function of the Cppcheck static analyzer is related to attempts to read beyond the allocated memory boundary, during the concatenation of strings when calling std::operator+. Exploiting this vulnerability can allow an attacker to trigger a service failure...

4.8CVSS5.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/06 6:30 a.m.21 views

SketchSVG Arbitrary Code Injection vulnerability

All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...

7.8CVSS8AI score0.00405EPSS
Exploits1References5Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:41 a.m.5 views

SUSE CVE-2013-0750

Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary...

9.3CVSS9.4AI score0.0633EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:45 a.m.5 views

SUSE CVE-2017-8923

The zendstringextend function in Zend/zendstring.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact by leveraging a script's use ...

5.3CVSS10AI score0.07191EPSS
Exploits1References12
BDU FSTEC
BDU FSTEC
added 2022/10/04 12:0 a.m.9 views

The vulnerability of the strncat() function in Netgear Nighthawk AC1900 R7000 wireless router software allows a hacker to induce a service failure.

The vulnerability of the strncat function in Netgear Nighthawk AC1900 R7000 wireless router software lies in the fact that the write operation exceeds the buffer limit and is executed in memory. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

10CVSS8AI score0.00982EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2022/05/14 12:0 a.m.3 views

OpenClinica SQL注入漏洞

OpenClinica is a commercial open source clinical trial software for electronic data capture EDC and clinical data management CDM. A security vulnerability exists in OpenClinica versions prior to 3.16.1 that stems from the use of string concatenation to create SQL queries...

9.8CVSS8.4AI score0.01064EPSS
Exploits0References3
Prion
Prion
added 2022/04/06 1:15 a.m.14 views

Buffer overflow

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body...

5CVSS7.7AI score0.02038EPSS
Exploits2References3Affected Software1
RedhatCVE
RedhatCVE
added 2020/06/10 1:24 p.m.51 views

CVE-2020-11078

A flaw was found in python-httplib2. An attacker controlling an unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenatio...

4.3CVSS2.1AI score0.05601EPSS
Exploits2References4
OSV
OSV
added 2020/05/20 4:15 p.m.0 views

DEBIAN-CVE-2020-11078

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as...

6.8CVSS6.4AI score0.02593EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/05/20 4:15 p.m.40 views

CVE-2020-11078

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as...

6.8CVSS6.5AI score0.02593EPSS
Exploits0References2
OSV
OSV
added 2020/05/20 4:15 p.m.5 views

UBUNTU-CVE-2020-11078

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as...

6.8CVSS6.6AI score0.02593EPSS
Exploits0References3
CVE
CVE
added 2020/05/20 4:0 p.m.345 views

CVE-2020-11078

CVE-2020-11078 affects httplib2 prior to 0.18.0. An attacker controlling an unescaped portion of the URI in httplib2.Http.request() could alter request headers and body and send hidden requests to the same server. The issue occurs when URIs are built by string concatenation rather than proper esc...

6.8CVSS6.6AI score0.02593EPSS
Exploits0References11Affected Software1
Veracode
Veracode
added 2019/08/08 12:7 a.m.21 views

Buffer Overflows

opensc is vulnerable to buffer overflows. It is due to lack of proper handling of string concatenation in utilacltostr in tools/util.c...

6.6CVSS2.7AI score0.00692EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2018/09/04 12:29 a.m.3 views

UBUNTU-CVE-2018-16418

A buffer overflow when handling string concatenation in utilacltostr in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

6.6CVSS6.7AI score0.00692EPSS
Exploits1References4
Zero Day Initiative
Zero Day Initiative
added 2018/02/21 12:0 a.m.35 views

Microsoft Chakra String Concatenation Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the generation ...

6.8CVSS3.7AI score0.80799EPSS
Exploits3References1
Packet Storm
Packet Storm
added 2018/01/11 12:0 a.m.67 views

Microsoft Edge Chakra JIT Missing Integer Overflow Check

Microsoft Edge: Chakra: JIT: Missing Integer Overflow check in Lowerer::LowerSetConcatStrMultiItem CVE-2018-0758 The method "Lowerer::LowerSetConcatStrMultiItem" is used to generate machine code to concatenate strings. Here's a snippet of the method. void...

7.5AI score0.80799EPSS
Exploits3
exploitpack
exploitpack
added 2018/01/10 12:0 a.m.11 views

Microsoft Edge Chakra JIT - Lowerer::LowerSetConcatStrMultiItem Missing Integer Overflow Check

Microsoft Edge Chakra JIT - Lowerer::LowerSetConcatStrMultiItem Missing Integer Overflow Check / The method "Lowerer::LowerSetConcatStrMultiItem" is used to generate machine code to concatenate strings. Here's a snippet of the method. void Lowerer::LowerSetConcatStrMultiItemIR::Instr instr...

0.4AI score
Exploits0
Rows per page
Query Builder