Lucene search
K

770 matches found

AlpineLinux
AlpineLinux
added 2025/05/23 4:15 p.m.4 views

CVE-2023-53154

parsestring in cJSON before 1.7.18 has a heap-based buffer over-read via "1":1, with no trailing newline if cJSONParseWithLength is called...

5.5CVSS6.5AI score0.00219EPSS
Exploits1References3
Snyk
Snyk
added 2025/05/23 3:43 p.m.5 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the parsestring function. An attacker can cause a denial of service by sending a malformed JSON input that lacks a trailing newline when cJSONParseWithLength is called. PoC sh "1":1, with no trailing newline...

5.5CVSS6.9AI score0.00219EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:19 p.m.8 views

CVE-2021-21682

Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows...

4.3CVSS6.7AI score0.00967EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:10 p.m.9 views

CVE-2020-13661

Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser...

8.8CVSS7.6AI score0.01144EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:59 a.m.7 views

CVE-2019-12350

An issue was discovered in zzcms 2019. SQL Injection exists in dl/dldownload.php via an id parameter value with a trailing comma...

9.8CVSS8.2AI score0.01385EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:30 p.m.6 views

CVE-2002-2033

faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers to read arbitrary files by specifying the filename in the toc parameter with a trailing null character %00...

5CVSS7AI score0.01373EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/04/18 1:23 a.m.4 views

SUSE CVE-2025-22872

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.9AI score0.0045EPSS
Exploits0References48
OSV
OSV
added 2025/04/16 6:16 p.m.6 views

AZL-60485 CVE-2025-22872 affecting package telegraf for versions less than 1.31.0-10

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.4 views

AZL-60534 CVE-2025-22872 affecting package kubernetes for versions less than 1.30.10-7

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.7 views

AZL-60458 CVE-2025-22872 affecting package containerized-data-importer for versions less than 1.57.0-14

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.5 views

AZL-60474 CVE-2025-22872 affecting package multus for versions less than 4.0.2-5

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.6 views

AZL-60472 CVE-2025-22872 affecting package cert-manager for versions less than 1.11.2-23

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.6 views

AZL-60447 CVE-2025-22872 affecting package cni-plugins for versions less than 1.4.0-3

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.7 views

AZL-60492 CVE-2025-22872 affecting package ig for versions less than 0.37.0-4

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.7 views

AZL-60502 CVE-2025-22872 affecting package cni-plugins for versions less than 1.3.0-8

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 4:25 p.m.5 views

DRUPAL-CONTRIB-2025-035

Stage File Proxy is a general solution for getting production files on a development server on demand. The module doesn't sufficiently validate the existence of remote files prior to attempting to download and create them. An attacker could send many requests and exhaust disk resources. This...

5.9CVSS6.7AI score0.00288EPSS
Exploits0References1
Drupal
Drupal
added 2025/04/16 12:0 a.m.7 views

Stage File Proxy - Moderately critical - Denial of Service - SA-CONTRIB-2025-035

Stage File Proxy is a general solution for getting production files on a development server on demand. The module doesn't sufficiently validate the existence of remote files prior to attempting to download and create them. An attacker could send many requests and exhaust disk resources. This...

5.9CVSS5.8AI score0.00288EPSS
Exploits0References2
RustSec
RustSec
added 2025/03/27 12:0 p.m.6 views

Safe API can cause heap-buffer-overflow

ffi::nstr should be marked unsafe, since a pointer to a buffer without a trailing 0 value will cause a heap buffer overflow...

7.3AI score
Exploits0Affected Software1
OSV
OSV
added 2025/02/26 7:1 a.m.3 views

DEBIAN-CVE-2022-49551

In the Linux kernel, the following vulnerability has been resolved: usb: isp1760: Fix out-of-bounds array access Running the driver through kasan gives an interesting splat: BUG: KASAN: global-out-of-bounds in isp1760register+0x180/0x70c Read of size 20 at addr f1db2e64 by task swapper/0/1...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/02/14 5:45 a.m.4 views

SUSE CVE-2024-5585

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...

9.4CVSS6.3AI score0.28807EPSS
Exploits1References5
Rows per page
Query Builder