Lucene search
K

239 matches found

BDU FSTEC
BDU FSTEC
added 2024/01/31 12:0 a.m.5 views

The vulnerability of the Delta Industrial Automation DOPSoft software for designing human-machine interfaces lies in the copying of buffers without checking the size of the input data. This allows a malicious actor to execute arbitrary code.

The vulnerability of the Delta Industrial Automation DOPSoft software for designing human-machine interfaces lies in the copying of buffers without checking the size of input data during syntax analysis of the wKPFStringLen field. Exploiting this vulnerability allows a malicious actor to execute...

7.5CVSS7.7AI score0.00411EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/01/24 5:15 p.m.4 views

DEBIAN-CVE-2023-51885

Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component...

9.8CVSS9.2AI score0.01277EPSS
Exploits1References1
OSV
OSV
added 2024/01/24 5:15 p.m.2 views

UBUNTU-CVE-2023-51885

Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component...

9.8CVSS6.2AI score0.01277EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2023/12/11 12:0 a.m.10 views

The vulnerability of the struts.multipart.saveDir configuration on the Apache Struts software platform allows attackers to cause service failures.

The vulnerability of the struts.multipart.saveDir configuration on the Apache Struts software platform is related to insufficient control over resources with dynamic management, as a result of processing query fields whose values exceed the maxStringLength limit. Exploiting this vulnerability...

7.8CVSS7.1AI score0.06286EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/12/05 9:33 a.m.5 views

GHSA-729Q-FCGP-R5XH Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fi...

7.5CVSS6.8AI score0.06286EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2023/11/21 11:18 a.m.4 views

c-ares: buffer overflow in config_sortlist() due to missing string length check

A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...

8.6CVSS7.5AI score0.01232EPSS
Exploits1References5
AlmaLinux
AlmaLinux
added 2023/11/07 12:0 a.m.47 views

Moderate: c-ares security, bug fix, and enhancement update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. The following packages have been upgraded to a later upstream version: c-ares 1.19.1. BZ2210370 Security Fixes: c-ares: buffer overflow in configsortlist due to missing string length check...

8.6CVSS7.7AI score0.01232EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2023/11/02 3:54 p.m.4 views

c-ares: buffer overflow in config_sortlist() due to missing string length check

A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...

8.6CVSS7.5AI score0.01232EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.3 views

PT-2023-24668 · Cpdb-Libs +2 · Cpdb-Libs +2

Name of the Vulnerable Software and Affected Versions: cpdb-libs versions 1.0 through 2.0b4 Description: The issue arises from the improper use of scanf3 in cpdb-libs, leading to buffer overflows. This occurs because fscanf and scanf functions are used to parse command lines and configuration fil...

9.8CVSS9.4AI score0.01539EPSS
Exploits1References19
OSV
OSV
added 2023/06/14 12:0 a.m.4 views

UBUNTU-CVE-2023-34095

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends CPDB project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of scanf3. cpdb-libs uses the fscanf and scanf functions to parse command lines and configuration...

9.8CVSS7.5AI score0.01539EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/05/09 11:51 a.m.4 views

c-ares: buffer overflow in config_sortlist() due to missing string length check

A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...

8.6CVSS7.5AI score0.01232EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/04/12 3:4 p.m.8 views

c-ares: buffer overflow in config_sortlist() due to missing string length check

A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...

8.6CVSS7.5AI score0.01232EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.49 views

K15031791: Samba vulnerability CVE-2015-5330

Security Advisory Description ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and th...

7.5CVSS7AI score0.06114EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.2 views

SUSE CVE-2007-0460

Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."...

10CVSS7.3AI score0.02555EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.3 views

SUSE CVE-2011-3631

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local us...

8.8CVSS7.9AI score0.02693EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:38 a.m.4 views

SUSE CVE-2013-2478

The dissectserverinfo function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service application crash via a malformed packet that 1...

3.3CVSS7.6AI score0.01081EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:12 a.m.2 views

SUSE CVE-2015-8315

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service CPU consumption via a long version string, aka a "regular expression denial of service ReDoS."...

7.8CVSS6.8AI score0.06768EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:9 a.m.3 views

SUSE CVE-2016-0799

The fmtstr function in crypto/bio/bprint.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service overflow and out-of-bounds read or possibly have unspecified other impact via a long string, as...

9.8CVSS9.2AI score0.32414EPSS
Exploits1References27
Vulnrichment
Vulnrichment
added 2022/12/14 1:26 p.m.3 views

CVE-2022-23516 Uncontrolled Recursion in Loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0, 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...

7.5CVSS7.1AI score0.01104EPSS
Exploits0References2
OSV
OSV
added 2022/12/14 1:26 p.m.33 views

CVE-2022-23516 Uncontrolled Recursion in Loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0, 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...

7.5CVSS6.3AI score0.01104EPSS
Exploits0References5
Rows per page
Query Builder