Lucene search
+L

45 matches found

cvelist
cvelist
added 2025/03/03 12:0 a.m.27 views

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

5.8CVSS0.00784EPSS
Exploits0References2
osv
osv
added 2025/01/10 12:15 p.m.5 views

AZL-55397 CVE-2025-23016 affecting package fcgi for versions less than 2.4.5-1

FastCGI fcgi2 aka fcgi 2.x through 2.4.4 has an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c...

9.3CVSS7.4AI score0.00566EPSS
Exploits0References1
osv
osv
added 2025/01/10 12:15 p.m.6 views

AZL-55443 CVE-2025-23016 affecting package fcgi for versions less than 2.4.5-1

FastCGI fcgi2 aka fcgi 2.x through 2.4.4 has an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c...

9.3CVSS7.4AI score0.00566EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/01/10 12:0 a.m.5 views

fcgi2 安全漏洞

fcgi2 is a FastCGI developer's toolkit from FastCGI-Archives open source. A security vulnerability exists in fcgi2 versions 2.x through 2.4.4, which stems from the presence of an integer overflow that allows an attacker to send data to an IPC socket with a carefully crafted nameLen or valueLen...

9.3CVSS8.3AI score0.00566EPSS
Exploits0References2
wallarmlab
wallarmlab
added 2024/09/13 5:41 p.m.20 views

Fundamentals of GraphQL-specific attacks

GraphQL vs REST APIs Developers are constantly exploring new technologies that can improve the performance, flexibility, and usability of applications. GraphQL is one such technology that has gained significant attention for its ability to fetch data efficiently. Unlike the traditional REST API,...

7.4AI score
Exploits0
cvelist
cvelist
added 2024/08/30 5:18 p.m.43 views

CVE-2024-21658 Insufficient control of region value length in discourse-calendar

discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been...

4.3CVSS0.00362EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/08/30 5:18 p.m.22 views

CVE-2024-21658 Insufficient control of region value length in discourse-calendar

discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been...

4.3CVSS4.7AI score0.00362EPSS
Exploits0References1
osv
osv
added 2023/05/04 10:31 a.m.4 views

OPENSUSE-SU-2023:0102-1 Security update for editorconfig-core-c

This update for editorconfig-core-c fixes the following issues: Update to version 0.12.6: - CVE-2023-0341: Fixed a buffer overflow in ecblob boo1211032 - Update property key, value length limits per spec change...

7.8CVSS7.8AI score0.00965EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 4:14 a.m.4 views

SUSE CVE-2019-9638

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exifprocessIFDinMAKERNOTE because of mishandling the makernote-offset relationship to valuelen...

5.3CVSS9.5AI score0.06677EPSS
Exploits1References12
osv
osv
added 2023/02/03 10:15 p.m.1 views

DEBIAN-CVE-2023-23082

A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument...

4.6CVSS6.2AI score0.00683EPSS
Exploits1References1
redhat
redhat
added 2023/01/23 3:29 p.m.11 views

libxml2: integer overflows with XML_PARSE_HUGE

A flaw was found in libxml2. Parsing a XML document with the XMLPARSEHUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...

7.5CVSS6.8AI score0.22791EPSS
Exploits2References4
redhat
redhat
added 2023/01/16 9:29 a.m.11 views

libxml2: integer overflows with XML_PARSE_HUGE

A flaw was found in libxml2. Parsing a XML document with the XMLPARSEHUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...

7.5CVSS6.8AI score0.22791EPSS
Exploits2References4
redhat
redhat
added 2022/12/08 1:21 p.m.6 views

libxml2: integer overflows with XML_PARSE_HUGE

A flaw was found in libxml2. Parsing a XML document with the XMLPARSEHUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...

7.5CVSS6.8AI score0.22791EPSS
Exploits2References4
osv
osv
added 2022/09/17 12:55 a.m.8 views

GSD-2022-1006091 smb3: check xattr value length earlier

smb3: check xattr value length earlier This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.256 by commit...

7.2AI score
Exploits0
osv
osv
added 2022/09/17 12:41 a.m.15 views

GSD-2022-1005949 smb3: check xattr value length earlier

smb3: check xattr value length earlier This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.211 by commit...

7.2AI score
Exploits0
cnnvd
cnnvd
added 2021/09/09 12:0 a.m.5 views

RPKI 缓冲区错误漏洞

RPKI is Resource Public Key Infrastructure RPKI, also known as Resource Certification Resource Certification, the full name in Chinese is "Internet Code Resource Public Key Infrastructure", is a public key infrastructure PKI framework designed to make the Internet routing infrastructure more...

7.5CVSS7.8AI score0.01216EPSS
Exploits0References5
redhat
redhat
added 2019/11/01 1:3 p.m.8 views

php: Uninitialized read in exif_process_IFD_in_MAKERNOTE

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exifprocessIFDinMAKERNOTE because of mishandling the makernote-offset relationship to valuelen...

7.5CVSS7.3AI score0.06677EPSS
Exploits1References4
redhat
redhat
added 2019/08/19 8:42 a.m.5 views

php: Uninitialized read in exif_process_IFD_in_MAKERNOTE

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exifprocessIFDinMAKERNOTE because of mishandling the makernote-offset relationship to valuelen...

7.5CVSS7.3AI score0.06677EPSS
Exploits1References4
veracode
veracode
added 2019/05/02 5:29 a.m.31 views

Denial Of Service (DoS)

ntp is vulnerable to denial of service. An incomplete fix for CVE-2014-9750 resulted in improper value length checks in ntpcrypto.c. A packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted...

6.5CVSS7.6AI score0.06135EPSS
Exploits0References14Affected Software1
cnvd
cnvd
added 2019/03/11 12:0 a.m.5 views

PHP Uninitialized Read Vulnerability (CNVD-2019-24792)

PHP is a general-purpose open source scripting language. The syntax absorbs the characteristics of the C language , Java and Perl , easy to learn , widely used , mainly in the field of Web development . An uninitialized read vulnerability exists in exifprocessIFDinMAKERNOTE in the EXIF component ...

7.5CVSS8.9AI score0.06677EPSS
Exploits1References1
Rows per page
Query Builder