PT-2025-19322
Name of the Vulnerable Software and Affected Versions: Synology Router Manager (SRM) (affected versions not specified); FileStation (affected versions not specified). Description: A security issue exists in Synology Router Manager (SRM) related to insufficient protection of service data. Remote attackers may...
[SECURITY] [DLA 4082-1] ruby2.7 security update
Debian LTS Advisory DLA-4082-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès March 10, 2025 https://wiki.debian.org/LTS ...
CVE-2025-2097
CVE-2025-2097 affects TOTOLINK EX1800T (firmware 9.1.0cu.2112_B20220316). The vulnerability lies in the function setRptWizardCfg in /cgi-bin/cstecgi.cgi where manipulating the loginpass parameter causes a stack-based buffer overflow. Reports indicate the attack can be initiated remotely and that ...
CVE-2025-2095
A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to OS command injection. It is possible to initiate the attack remotely. The exploit has...
Denial Of Service (DoS)
CGI is vulnerable to Denial of Service (DoS). The vulnerability is due to the lack of a length limit on raw cookie values in the CGI::Cookie.parse method, allowing excessively large cookies to consume system resources...
PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors
Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. "The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gai...
[SECURITY] Fedora 41 Update: man2html-1.6-39.g.fc41
man2html is a man page to HTML converter. This package contains CGI scripts that allow you to view, browse, and search man pages using a web server...
Regular Expression Denial Of Service (ReDoS)
CGI is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing in the Util#escapeElement method, allowing an attacker to cause denial of service through excessive backtracking with crafted input...
Medium: php8.3
Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...
Medium: php8.2
Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...
Linux Distros Unpatched Vulnerability : CVE-2025-27219
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does...
Internet Bug Bounty: [CVE-2025-27220] ReDoS in CGI::Util#escapeElement
The cgi gem contains a vulnerability in the CGI::Util#escapeElement method that is susceptible to Regular Expression Denial of Service (ReDoS). This vulnerability has been assigned the CVE identifier CVE-2025-27220. Users are advised to upgrade the cgi gem to address this issue...
CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...
CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method...
AZL-57938 CVE-2025-27220 affecting package ruby for versions less than 3.3.5-3
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method...
DEBIAN-CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method...
AZL-57791 CVE-2025-27220 affecting package ruby for versions less than 3.1.4-9
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method...
DEBIAN-CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...