19 matches found

Snyk
added 2026/06/03 2:29 p.m., 8 views

Unchecked Input for Loop Condition

Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the unicodedata.normalize function. An attacker can cause excessive CPU consumption by submitting specially crafted Unicode input, potentially leading to service disruption. Remediation A fix was...

CVSS 6.9, AI score 5.5, EPSS 0.00492
Exploits: 0, References: 2

Snyk
added 2026/05/08 9:25 a.m., 9 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the EqualsUri function. An attacker can cause incorrect URI comparisons by supplying specially crafted input values. Remediation Upgrade uriparser to version 1.0.2 or higher. References -...

CVSS 5.3, AI score 5.3, EPSS 0.00211
Exploits: 0, References: 2

Snyk
added 2026/05/06 10:31 p.m., 10 views

Cross-site Request Forgery (CSRF)

Overview misp-modules: MISP modules are autonomous modules that can be used for expansion and other services in MISP. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the home blueprint, which was exempted from CSRF protection. An attacker can perform...

CVSS 9.3, AI score 5.5, EPSS 0.00185
Exploits: 0, References: 2

Snyk
added 2026/04/28 11:19 a.m., 7 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to uncontrolled recursion in the skip function. An attacker can cause a stack overflow and potentially crash the application by sending specially crafted input that triggers deep recursion. Remediation Upgrade...

CVSS 8.7, AI score 5.9, EPSS 0.00469
Exploits: 0, References: 2

Snyk
added 2026/04/21 8:0 p.m., 4 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the cryptographic algorithm implementation. An attacker can compromise the confidentiality of sensitive information by exploiting weak or insufficient cryptographic algorithms...

CVSS 2.9, AI score 7.2, EPSS 0.00124
Exploits: 0, References: 2

Snyk
added 2026/03/12 2:8 p.m., 4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the sixeldecode function. An attacker can cause memory corruption or a crash. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit...

CVSS 8.3, AI score 5.8, EPSS 0.00194
Exploits: 0, References: 2

Snyk
added 2026/03/08 10:0 p.m., 3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the WaveletDenoiseImage function. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - Red Hat Bugzilla Bug Credit: Hao Ren...

CVSS 6.8, AI score 5.8, EPSS 0.00106
Exploits: 0, References: 2

Snyk
added 2026/02/25 7:12 p.m., 6 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the PDB decoder when a memory allocation fails, leading to the use of a stale pointer. An attacker can cause a crash or trigger a single zero byte write by providing specially crafted input files. Remediation A fix was...

CVSS 6.3, AI score 5.9
Exploits: 0, References: 2

Snyk
added 2026/02/25 6:17 a.m., 2 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the vipsforeignloadmatrixheader function. An attacker can cause memory corruption by providing specially crafted input files to the affected process. Remediation A fix was pushed into the master branch but not yet...

CVSS 7.8, AI score 6.1, EPSS 0.00184
Exploits: 1, References: 2

Snyk
added 2026/02/06 2:47 a.m., 4 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the ResolveNodeIdToIp function in the SMF component. An attacker can cause a service disruption by sending specially crafted requests remotely. Remediation Upgrade...

CVSS 7.5, AI score 6.1, EPSS 0.00499
Exploits: 1, References: 2

Snyk
added 2026/01/27 12:0 a.m., 3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the parseheader function. An attacker can cause application instability or denial of service by supplying a specially crafted treemagic file that triggers a buffer underflow and out-of-bounds memory access...

CVSS 4.8, AI score 6, EPSS 0.00139
Exploits: 1, References: 4

Snyk
added 2025/12/28 10:45 p.m., 3 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the sgpipelinedescdefaults function. An attacker can execute arbitrary code or cause a crash by supplying crafted input that triggers a stack-based buffer overflow. Remediation A fix was pushed into the...

CVSS 7.8, AI score 7.9, EPSS 0.00192
Exploits: 1, References: 2

Snyk
added 2025/12/11 5:44 p.m., 2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure due to LLVM optimizations that may transform constant-time implementations into non-constant-time code. An attacker can obtain sensitive information by exploiting timing discrepancies through side-channel analysis...

CVSS 3.7, AI score 5.8, EPSS 0.00124
Exploits: 0, References: 2

Snyk
added 2025/10/07 10:42 p.m., 2 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the elflinkaddobjectsymbols function in the Linker component. An attacker can cause a crash by supplying specially crafted input files during local processing. Remediation A fix was pushed into the master branch b...

CVSS 6.1, AI score 4.3, EPSS 0.00199
Exploits: 1, References: 2

Snyk
added 2025/08/04 12:0 a.m., 3 views

Expired Pointer Dereference

Overview Affected versions of this package are vulnerable to Expired Pointer Dereference in the parsing process of xsl nodes. An attacker can cause the application to crash by triggering the dereference of expired pointers after memory has been freed. Remediation A fix was pushed into the master...

CVSS 6.8, AI score 6.9, EPSS 0.00161
Exploits: 0, References: 2

Snyk
added 2025/04/05 12:0 a.m., 1 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to a misplaced isOk check in the JBIG2Bitmap::combine function. Remediation Upgrade poppler to version 25.11.0 or higher. References - Gitlab Commit - Gitlab Issues - Gitlab PR - Red Hat Bugzilla Bug...

CVSS 7.1, AI score 6.1, EPSS 0.00218
Exploits: 1, References: 2

Snyk
added 2025/01/23 12:45 a.m., 2 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write due to the component blendtransformedtiledargb.isra.0. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Issue - PoC Credit: keepinggg...

CVSS 8.2, AI score 6.9, EPSS 0.00386
Exploits: 1, References: 2

Snyk
added 2024/06/27 12:0 a.m., 2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of GSS message tokens. An attacker can manipulate the token data to cause unauthorized actions or access by sending specially crafted tokens. Remediation A fix was pushed into the...

CVSS 9.1, AI score 6.8, EPSS 0.01863
Exploits: 0, References: 2

Snyk
added 2023/02/19 10:31 a.m., 3 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via the -g option of the CleanNode function. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Issue Credit: bsdb0y...

CVSS 9.8, AI score 6.9, EPSS 0.01128
Exploits: 1, References: 2