14 matches found
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the FunctionPushPop. An attacker can cause excessive resource consumption and application instability by triggering deep or infinite recursion through crafted input to the affected process. Remediation There is...
Duplicate Advisory: gix-date can create non-utf8 string with `TimeBuf::as_str`
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6mw6-mj76-grwc. This link is maintained to preserve external references. Original Description A flaw was found in gix-date. The gixdate::parse::TimeBuf::asstr function can generate strings containing invalid...
EUVD-2007-2714
Malware in sbrugna...
Race Condition Vulnerability
org.apache.tomcat, tomcat-util is vulnerable to Race Condition Vulnerability. The vulnerability is due to improper synchronization in the APR/Native connector when handling client-initiated HTTP/2 connection closures, which allows an attacker to exploit race conditions potentially leading to...
CVE-2025-5351
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additiona...
CVE-2025-5351
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additiona...
CVE-2025-5351 Libssh: double free vulnerability in libssh key export functions
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additiona...
CVE-2025-5351
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additiona...
CVE-2025-5351
CVE-2025-5351 concerns libssh. The root cause is a double-free in the key export path: during error handling, a memory structure is freed but not cleared, which may lead to heap corruption and application instability, especially in low-memory scenarios. The issue is tied to libssh’s key serializa...
Denial Of Service (DoS)
n8n is vulnerable to Denial of Service DoS. The vulnerability is due to improper input handling due to the /rest/binary-data endpoint failing to safely process empty filesystem:// or filesystem-v2:// URIs, leading to application instability or crashes...
PT-2025-26572 · Unknown +1 · Htacg Tidy-Html5 +1
Name of the Vulnerable Software and Affected Versions: HTACG tidy-html5 version 5.8.0 Description: A vulnerability was found in HTACG tidy-html5, affecting the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to...
SUSE CVE-2023-4807
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...
AZL-78585 CVE-2023-4807 affecting package openssl-fips-provider 3.1.2-1
Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...
Code injection
Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service application instability via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence...