948 matches found
CVE-2024-21538
A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string...
TOTOLINK A810R infostat.cgi buffer overflow vulnerability
TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. The TOTOLINK A810R infostat.cgi suffers from a buffer overflow vulnerability that can be exploited by a remote attacker to submit a special request that can crash the service program or execute arbitrary code in...
CVE-2024-21539
Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability...
CVE-2024-21539
The CVE-2024-21539 issue affects @eslint/plugin-kit versions before 0.2.3, which are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can drive higher CPU usage and crash the program. A fixed version is 0.2.3 or later. Other connected sour...
webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash
A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to a program crash. This issue occurs because code execution is not discarded as a consequence...
webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash
A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution is not discarded as a consequence...
CVE-2024-21538
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well-crafted string...
braces: fails to limit the number of characters it can handle
A flaw was found in the NPM package braces. It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, causing the program to start allocating heap memory...
protobuf-java has potential Denial of Service issue
Summary: When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team. Affected versions: This issue affects all versions of both t...
CVE-2024-45306
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...
CVE-2024-45306 heap-buffer-overflow in Vim
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...
Stack-based Buffer Overflow
github.com/cosmwasm/wasmd is vulnerable to Stack-based Buffer Overflow. The vulnerability is due to improper memory handling, which can lead to stack overflow conditions. This can potentially crash the program or allow attackers to execute arbitrary code...