Vulmon
billion vulnerabilities and exploits
5.3
CVSSv3
CVE-2019-9555
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small.
Sagemcom F@st 5260 Firmware 0.4.39
NA
CVE-2019-95551
Sagemcom F@st 5260 routers on firmware version 0.4.39 (and possibly others), in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small.
NA
CVE-2024-1455
A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory r...
NA
CVE-2013-1864
The Portable Tool Library (aka PTLib) prior to 2.10.10, as used in Ekiga prior to 4.0.1, does not properly detect recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted PXML document containin...
Opalvoip Portable Tool Library 2.10.7
Opalvoip Portable Tool Library 2.10.2
Opalvoip Portable Tool Library 2.10.1
Opalvoip Portable Tool Library 2.10.9
Ekiga Ekiga
Suse Suse Linux Enterprise Software Development Kit 11.0
Suse Suse Linux Enterprise Desktop 11.0
7.5
CVSSv3
CVE-2019-5442
XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service. Entities are created recursively and large amounts of heap memory are taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process...
Pippo Pippo 1.12.0
NA
CVE-2015-2942
MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2, when using HHVM, allows remote malicious users to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF fi...
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.9
Mediawiki Mediawiki 1.21.10
Mediawiki Mediawiki 1.22.5
Mediawiki Mediawiki 1.22.6
Mediawiki Mediawiki 1.22.14
Mediawiki Mediawiki 1.22.15
Mediawiki Mediawiki 1.23.6
Mediawiki Mediawiki 1.23.7
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki 1.20.6
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.21.6
Mediawiki Mediawiki 1.22.1
Mediawiki Mediawiki 1.22.2
Mediawiki Mediawiki 1.22.9
Mediawiki Mediawiki 1.22.10
Mediawiki Mediawiki 1.22.11
Mediawiki Mediawiki 1.23.2
6.5
CVSSv3
CVE-2021-32623
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast before 9.6 are vulnerable to the billion laughs attack, which allows a malicious user to easily execute a (seemingly permanent) denial of service attack, essentially ta...
Apereo Opencast
7.5
CVSSv3
CVE-2021-41272
Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart contr...
Linuxfoundation Besu 21.10.0
Linuxfoundation Besu 21.10.1
NA
CVE-2024-35221
Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML ali...
5.5
CVSSv3
CVE-2023-24056
In pkgconf up to and including 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.
Pkgconf Pkgconf