
32 matches found

Cvelist
added 2026/04/24 5:26 p.m., 25 views

CVE-2026-41680 Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence (a tab, a vertical tab, and a newline: \x09\x0b\n), an unauthenticated attacker can trigger an infinite recursion loop during...

CVSS 8.7, EPSS 0.00129
Exploits 1, References 1
RedHat Linux
added 2026/03/12 6:17 p.m., 3 views

vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing

A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...

CVSS 6.5, AI score 5.8, EPSS 0.00143
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-11470

Malware in sbrugna...

CVSS 6.5, AI score 6.6, EPSS 0.00292
Exploits 1, References 2
RedhatCVE
added 2025/05/22 4:36 a.m., 4 views

CVE-2019-15502

The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 FIRST STRONG ISOLATE and U+2067 RIGHT-TO-LEFT ISOLATE...

CVSS 7.5, AI score 7, EPSS 0.00642
Exploits 1, References 1
AlpineLinux
added 2024/01/27 3:15 a.m., 18 views

CVE-2023-52389

UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert and Poco::UTF32::queryConvert may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in...

CVSS 9.8, AI score 7.4, EPSS 0.00132
Exploits 0, References 4
Prion
added 2024/01/27 3:15 a.m., 11 views

Integer overflow

UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert and Poco::UTF32::queryConvert may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in...

CVSS 7.5, AI score 7.5, EPSS 0.00132
Exploits 0, References 3, Affected Software 1
OSV
added 2023/12/12 12:49 a.m., 8 views

GHSA-3WFP-253J-5JXV SSRF & Credentials Leak

Summary: nuxt-api-party allows developers to proxy requests to an API without exposing credentials to the client. A previous vulnerability allowed an attacker to change the baseURL of the request, potentially leading to credentials being leaked or SSRF. This vulnerability is similar, and was cause...

CVSS 7.5, AI score 7.4, EPSS 0.01441
Exploits 1, References 8
SUSE CVE
added 2023/02/15 4:52 a.m., 3 views

SUSE CVE-2017-3226

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypte...

CVSS 6.4, AI score 6.5, EPSS 0.00042
Exploits 0, References 3
BDU FSTEC
added 2022/09/21 12:0 a.m., 1 views

The vulnerability of the telnetd server in the Inetutils network programming package allows a hacker to cause a service failure.

The vulnerability of the telnetd server in the Inetutils network programming package is related to errors in pointer manipulation during byte sequence processing. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

CVSS 7.8, AI score 7.1, EPSS 0.00368
Exploits 1, References 5, Affected Software 4
OSV
added 2021/06/28 9:16 p.m., 7 views

MGASA-2021-0289 Updated glibc packages fix a security vulnerability

A vulnerability was found in the iconv program provided by glibc when it's invoked with the -c option. It can enter an infinite loop while parsing an invalid multi-byte sequence (CVE-2016-10228)...

CVSS 5.9, AI score 6.8, EPSS 0.00378
Exploits 0, References 3
NVD
added 2020/06/02 7:15 p.m., 18 views

CVE-2020-7662

websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVSS 7.5, AI score 8.2, EPSS 0.0034
Exploits 1, References 4
Prion
added 2020/06/02 7:15 p.m., 18 views

Design/Logic Flaw

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVSS 5, AI score 7.3, EPSS 0.02622
Exploits 1, References 6, Affected Software 3
Debian CVE
added 2020/06/02 6:25 p.m., 24 views

CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVSS 7.5, AI score 7.5, EPSS 0.02622
Exploits 1
CNVD
added 2018/12/04 12:0 a.m., 2 views

LiteSpeed OpenLiteSpeed Denial of Service Vulnerability

LiteSpeed OpenLiteSpeed is an open source lightweight HTTP server. A denial of service vulnerability exists in LiteSpeed OpenLiteSpeed versions prior to 1.5.0 RC6, which stems from the program's failure to properly handle requests for sequences of bytes, and can be exploited to cause a denial of...

CVSS 6.5, AI score 6.4, EPSS 0.00292
Exploits 1, References 1
OSV
added 2018/07/24 3:29 p.m., 1 views

UBUNTU-CVE-2017-3226

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypte...

CVSS 6.4, AI score 6.6, EPSS 0.00042
Exploits 0, References 3
ThreatPost
added 2016/12/16 11:14 a.m., 26 views

Remote Code Execution Bug Found in Ubuntu Quantal

A remote code execution bug has been patched in the default installation of Ubuntu Desktop affecting all default installations of Quantal version 12.10 and later. According to researcher Donncha O’Cearbhaill, the bug allows for code injection when a user opens a specially crafted malicious file...

CVSS 9.3, AI score 0.1, EPSS 0.0981
Exploits 7, References 2
Oracle linux
added 2015/11/23 12:0 a.m., 33 views

grep security and bug fix update

2.20-2
- Fixed invalid UTF-8 byte sequence error in PCRE mode by pcre-backported-fixes patch
  Resolves: rhbz1217080
- Fixed buffer overrun for grep -F
  Resolves: CVE-2015-1345
- Fixed \w and \W behaviour in multibyte locales
  Resolves: rhbz1159012
- Documented --fixed-regexp option
  Resolves:...

CVSS 2.1, AI score 9.2, EPSS 0.00135
Exploits 1
0day.today
added 2015/08/29 12:0 a.m., 39 views

freeSSHd 1.3.1 - Denial of Service Vulnerability

Exploit for windows platform in category dos / poc ''' Exploit title: freesshd 1.3.1 denial of service vulnerability Date: 28-8-2015 Vendor homepage: http://www.freesshd.com Software Link: http://www.freesshd.com/freeSSHd.exe Version: 1.3.1 Author: 3unnym00n Details:...

AI score 7
Exploits 0
Prion
added 2015/08/03 7:59 p.m., 11 views

Authentication flaw

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987...

CVSS 7.8, AI score 6.7, EPSS 0.00994
Exploits 0, References 1, Affected Software 1
Prion
added 2015/08/03 7:59 p.m., 10 views

Authentication flaw

IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958 and CVE-2015-1987...

CVSS 7.8, AI score 6.7, EPSS 0.00994
Exploits 0, References 1, Affected Software 1