CVE-2026-24001 jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

MiracleLinux 8 : git-2.39.3-1.el8 (AXSA:2023-6144:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6144:10 advisory. git: by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...

MiracleLinux 8 : libsndfile-1.0.28-16.el8_10 (AXSA:2024-9429:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9429:03 advisory. libsndfile: Segmentation fault error in oggvorbis.c:417 vorbisanalysiswrote CVE-2024-50612 Tenable has extracted the preceding description block directly fro...

jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

Impact Attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore...

GHSA-73RR-HH4G-FPGX jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

Impact Attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore...

MiracleLinux 7 : rsync-3.1.2-12.0.4.el7.AXS7 (AXSA:2025-9719:05)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9719:05 advisory. quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a ve...

CVE-2021-28846

A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\...

CVE-2022-38539

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply...

CVE-2022-26285

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the parsePatch and applyPatch functions if the user input passed without sanitisation. An attacker can cause the proce...

CVE-2025-14942

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

CVE-2023-53856

In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call ofchangesetinit early When ofoverlayfdtapply fails, the changeset may be partially applied, and the caller is still expected to call ofoverlayremove to clean up this partial state. However, ofoverlayapply calls...

SUSE CVE-2023-53856

In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call ofchangesetinit early When ofoverlayfdtapply fails, the changeset may be partially applied, and the caller is still expected to call ofoverlayremove to clean up this partial state. However, ofoverlayapply calls...

EUVD-2023-60140

In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call ofchangesetinit early When ofoverlayfdtapply fails, the changeset may be partially applied, and the caller is still expected to call ofoverlayremove to clean up this partial state. However, ofoverlayapply calls...

DEBIAN-CVE-2023-53856

In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call ofchangesetinit early When ofoverlayfdtapply fails, the changeset may be partially applied, and the caller is still expected to call ofoverlayremove to clean up this partial state. However, ofoverlayapply calls...

CVE-2023-53856

In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call ofchangesetinit early When ofoverlayfdtapply fails, the changeset may be partially applied, and the caller is still expected to call ofoverlayremove to clean up this partial state. However, ofoverlayapply calls...

CVE-2023-53856 of: overlay: Call of_changeset_init() early

In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call ofchangesetinit early When ofoverlayfdtapply fails, the changeset may be partially applied, and the caller is still expected to call ofoverlayremove to clean up this partial state. However, ofoverlayapply calls...

CVE-2023-53856

The CVE-2023-53856 vulnerability in the Linux kernel is fixed by moving of_changeset_init() initialization from init_overlay_changeset() to of_overlay_fdt_apply(), so the changeset is properly initialized before potential cleanup when overlay application fails. The root cause was that of_resolve_...

Linux Distros Unpatched Vulnerability : CVE-2023-53856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - of: overlay: Call ofchangesetinit early When ofoverlayfdtapply fails, the changeset may be partially applied, and the caller is still expected to call...

EUVD-2025-199814

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...