Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

bignum project bignum vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2022-25324
All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks.
Bignum Project Bignum
8.1
CVSSv3
CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete ...
Libexpat Project LibexpatCanonical Ubuntu Linux 12.04Mcafee Policy AuditorPython Python
5.9
CVSSv3
CVE-2012-6702
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent malicious users to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
Libexpat Project LibexpatGoogle Android 5.0.2Google Android 6.0.1Google Android 6.0Canonical Ubuntu Linux 12.04Debian Debian Linux 8.0Google Android 4.4.4Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 15.10Canonical Ubuntu Linux 14.04Google Android 5.1.1
7.5
CVSSv3
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix ...
Canonical Ubuntu Linux 12.04Debian Debian Linux 8.0Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 15.10Canonical Ubuntu Linux 14.04Libexpat Project LibexpatGoogle Android 5.0.2Google Android 6.0.1Google Android 6.0Google Android 4.4.4Google Android 5.1.1
NA
CVE-2012-0876
The XML parser (xmlparse.c) in expat prior to 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via an XML file with many identifiers wit...
Libexpat Project LibexpatPython PythonDebian Debian Linux 7.0Debian Debian Linux 6.0Canonical Ubuntu Linux 11.04Canonical Ubuntu Linux 11.10Canonical Ubuntu Linux 8.04Canonical Ubuntu Linux 10.04Canonical Ubuntu Linux 12.04Oracle Solaris 11.3Redhat Enterprise Linux Server 5.0Redhat Enterprise Linux Server Aus 6.2Redhat Enterprise Linux Workstation 5.0Redhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Server 6.0Redhat Enterprise Linux Workstation 6.0Redhat Enterprise Linux Desktop 5.0Redhat Storage 2.0Redhat Enterprise Linux Eus 6.2
9.8
CVSSv3
CVE-2016-0718
Expat allows context-dependent malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Mozilla FirefoxApple Mac Os XSuse Linux Enterprise Server 11Suse Studio Onsite 1.3Suse Linux Enterprise Software Development Kit 11Suse Linux Enterprise Debuginfo 11Opensuse Leap 42.1Suse Linux Enterprise Software Development Kit 12Suse Linux Enterprise Server 12Suse Linux Enterprise Desktop 12Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 14.04Libexpat Project LibexpatDebian Debian Linux 8.0Opensuse Opensuse 13.1Opensuse Opensuse 13.2Mcafee Policy AuditorPython Python
NA
CVE-2013-4207
Buffer overflow in sshbn.c in PuTTY prior to 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum fun...
Putty Putty 0.57Putty Putty 0.56Putty Putty 0.55Putty Putty 0.54Putty Putty 0.53bSimon Tatham PuttyPutty Putty 0.49Putty Putty 0.48Putty Putty 0.47Putty Putty 0.46Putty Putty 0.60Putty Putty 0.58Putty Putty 0.52Putty Putty 0.50Putty Putty 0.45Putty Putty 0.61Putty Putty 0.59Simon Tatham Putty 0.53Putty Putty 0.51Putty Putty 2010-06-01
NA
CVE-2014-3569
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected ...
Openssl Openssl 1.0.1j
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073CVE-2024-5496CVE-2024-5495XPath injectionbypassCVE-2024-30043CVE-2024-24919denial of serviceCVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook