CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

SUSE CVE-2016-10199

The qtdemuxtagaddstrfull function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted tag value...

Cloud Native Computing Foundation Harbor 安全漏洞

Cloud Native Computing Foundation Harbor is an open source trusted cloud native registry from the Cloud Native Computing Foundation. The product is primarily used to store, sign, and scan container images for vulnerabilities. A security vulnerability exists in Cloud Native Computing Foundation...

OrchardCMS 跨站脚本漏洞

OrchardCMS is an open source modular and multi-tenant application framework built using ASP.NET Core and the content management system CMS built on top of it. A cross-site scripting vulnerability exists in orchardcore OrchardCMS versions prior to 1.10.3, which can be exploited by attackers with l...

ALPINE-CVE-2017-5845

The gstavidemuxparsencdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service invalid memory read and crash via a ncdt sub-tag that "goes behind" the surrounding tag...

ALPINE-CVE-2017-5841

The gstavidemuxparsencdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds heap read via vectors involving ncdt tags...

CVE-2017-5843

Multiple use-after-free vulnerabilities in the 1 gstminiobjectunref, 2 gsttaglistunref, and 3 gstmxfdemuxupdateessencetracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service crash via vectors involving stream tags, as demonstrated by 02785736.mxf...

CVE-2017-5837

The gstriffcreateaudiocaps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service floating point exception and crash via a crafted video file...

PT-2016-5017 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.10.3 Foreman version 1.11.0 before 1.11.0-RC2 Description: The issue allows remote authenticated users to read, modify, or delete private bookmarks by leveraging the edit bookmarks or destroy bookmarks permission...

wireshark: TCP dissector crash (wnpa-sec-2013-65)

epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service application crash via a crafted packet...