Search Results (439 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-3828 1 Google 1 Android 2025-04-12 N/A
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995.
CVE-2016-3829 1 Google 1 Android 2025-04-12 N/A
The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649.
CVE-2016-4356 2 Canonical, Gnupg 2 Ubuntu Linux, Libksba 2025-04-12 N/A
The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.
CVE-2016-6691 1 Google 1 Android 2025-04-12 N/A
service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers to cause a denial of service (framework crash) or possibly have unspecified other impact via an access point that has a malformed SSID with GBK encoding, aka Qualcomm internal bug CR 978452.
CVE-2010-2055 2 Artifex, Redhat 4 Afpl Ghostscript, Ghostscript Fonts, Gpl Ghostscript and 1 more 2025-04-11 N/A
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
CVE-2012-6152 2 Pidgin, Redhat 2 Pidgin, Enterprise Linux 2025-04-11 N/A
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.
CVE-2013-3646 1 Cybozu 1 Cybozu Live 2025-04-11 N/A
The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression.
CVE-2024-5699 1 Mozilla 1 Firefox 2025-04-04 9.8 Critical
In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127.
CVE-2023-24021 3 Debian, Redhat, Trustwave 3 Debian Linux, Jboss Core Services, Modsecurity 2025-04-02 7.5 High
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
CVE-2022-3854 1 Redhat 1 Ceph Storage 2025-03-06 6.5 Medium
A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.
CVE-2022-49045 2025-03-02 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-27110 2025-02-26 8.6 High
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.
CVE-2022-29604 1 Opennetworking 1 Onos 2025-02-05 9.8 Critical
An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network.
CVE-2023-48674 1 Dell 346 Latitude 5280, Latitude 5280 Firmware, Latitude 5288 and 343 more 2025-01-31 6.8 Medium
Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.
CVE-2024-54158 1 Jetbrains 1 Youtrack 2025-01-30 3.5 Low
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
CVE-2023-29400 2 Golang, Redhat 22 Go, Acm, Advanced Cluster Security and 19 more 2025-01-24 7.3 High
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
CVE-2023-24540 2 Golang, Redhat 20 Go, Acm, Advanced Cluster Security and 17 more 2025-01-24 9.8 Critical
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
CVE-2023-24539 2 Golang, Redhat 22 Go, Acm, Advanced Cluster Security and 19 more 2025-01-24 7.3 High
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
CVE-2023-28263 1 Microsoft 2 Visual Studio 2019, Visual Studio 2022 2025-01-23 5.5 Medium
Visual Studio Information Disclosure Vulnerability
CVE-2023-33461 1 Ndevilla 1 Iniparser 2025-01-09 5.5 Medium
iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return.