185 matches found
DEBIAN-CVE-2025-59729
When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes 0x100000 for example 0x101000 bytes, then at 0 we ha...
CVE-2025-59729
When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes 0x100000 for example 0x101000 bytes, then at 0 we ha...
RLSA-2025:9106 Moderate: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...
EUVD-2022-3877
Malicious code in bioql PyPI...
EUVD-2025-29022
Malicious code in bioql PyPI...
EUVD-2025-30836
Malicious code in bioql PyPI...
EUVD-2022-1755
Malicious code in bioql PyPI...
CVE-2025-59418 BunnyPad Vulnerable to Buffer Overflow When Opening Files of Size 20MB or Greater
BunnyPad is a note taking software. Prior to version 11.0.27000.0915, opening files greater than or equal to 20MB causes buffer overflow to occur. This issue has been patched in version 11.0.27000.0915. Users who wish not to upgrade should refrain from opening files larger than 10MB...
CVE-2025-59418 BunnyPad Vulnerable to Buffer Overflow When Opening Files of Size 20MB or Greater
BunnyPad is a note taking software. Prior to version 11.0.27000.0915, opening files greater than or equal to 20MB causes buffer overflow to occur. This issue has been patched in version 11.0.27000.0915. Users who wish not to upgrade should refrain from opening files larger than 10MB...
BunnyPad 安全漏洞
BunnyPad is a notepad software open source by GSYT Productions. A security vulnerability exists in BunnyPad versions prior to 11.0.27000.0915, which originates from a buffer overflow that occurs when opening a file greater than or equal to 20MB...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...
Linux Distros Unpatched Vulnerability : CVE-2017-8782
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is...
Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem
Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.2 Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versio...
📄 nopCommerce 4.10 / 4.80.3 Resource Exhaustion
nopCommerce versions 4.10 and 4.80.3 are vulnerable to resource exhaustion vulnerabilities. nopCommerce is vulnerable to Insufficient Resource Allocation Limits when handling large Excel file imports. Although the application provides a warning message recommending that users avoid importing more...
netty: Denial of Service attack on windows app using Netty
A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...
DEBIAN-CVE-2025-54121
Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...
UBUNTU-CVE-2025-54121
Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...
CVE-2025-54121 Starlette has possible denial-of-service vector when parsing large files in multipart forms
Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...
Starlette has possible denial-of-service vector when parsing large files in multipart forms
Summary When parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread to roll the file over to disk. This blocks the event thread which means we can't accept new connections. Details Please see this discussion for details:...
GHSA-2C2J-9GV5-CJ73 Starlette has possible denial-of-service vector when parsing large files in multipart forms
Summary When parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread to roll the file over to disk. This blocks the event thread which means we can't accept new connections. Details Please see this discussion for details:...