220 matches found
EUVD-2018-0589
Malware in sbrugna...
EUVD-2018-0395
Malware in sbrugna...
EUVD-2020-3474
Malware in sbrugna...
EUVD-2025-4098
Malicious code in bioql PyPI...
EUVD-2024-2764
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-16119
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is...
Malicious code in precon-event-loop-helper (npm)
The package precon-event-loop-helper was found to contain malicious code...
MAL-2025-29607 Malicious code in precon-event-loop-helper (npm)
The package precon-event-loop-helper was found to contain malicious code...
[SECURITY] Fedora 42 Update: glib2-2.84.4-1.fc42
GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system...
Linux Distros Unpatched Vulnerability : CVE-2025-54121
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1...
SUSE CVE-2025-54121
Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...
Allocation of Resources Without Limits or Throttling
Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the UploadFile.write method when handling multipart forms containing files larger than the default spoolmaxsize. An attacker can...
DEBIAN-CVE-2025-54121
Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...
UBUNTU-CVE-2025-54121
Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...
GHSA-2C2J-9GV5-CJ73 Starlette has possible denial-of-service vector when parsing large files in multipart forms
Summary When parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread to roll the file over to disk. This blocks the event thread which means we can't accept new connections. Details Please see this discussion for details:...
CVE-2020-11120
u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will lead to use after free scenario' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...
Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2025-25283
Summary parse-duration-1.1.0.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details CVEID:CVE-2025-25283 DESCRIPTION: parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop...
SUSE-SU-2025:0590-1 Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issues: - CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash. bsc1237037 - CVE-2025-25193: unsafe reading of environment files can lead to an application crash. bsc1237038 Update to netty version 4.1.1...
CVE-2025-25283
parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...
GHSA-HCRG-FC28-FCG5 parse-duration has a Regex Denial of Service that results in event loop delay and out of memory
Summary This report finds 2 availability issues due to the regex used in the parse-duration npm package: 1. An event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from 0.01 MB and up to 4.3 MB...