Inefficient Regular Expression Complexity in koa

Summary Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. PoC Coming soon. Impact This is a Regex Denial-of-Service attack and causes memory exhaustion. The regex should be improved and empty...

CVE-2025-1207

A vulnerability was found in phjounin TFTPD64 4.64. It has been declared as problematic. This vulnerability affects unknown code of the component DNS Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The complexity of an attack is rather...

CVE-2025-1207 phjounin TFTPD64 DNS denial of service

A vulnerability was found in phjounin TFTPD64 4.64. It has been declared as problematic. This vulnerability affects unknown code of the component DNS Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The complexity of an attack is rather...

CVE-2025-1207

CVE-2025-1207 affects phjounin TFTPD64 4.64, specifically exploiting the DNS Handler component to cause a denial of service. The vulnerability allows local-network exploitation with relatively high complexity; public disclosure has occurred. Several sources corroborate an impact limited to availa...

CVE-2025-1182

A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfdelfrelocsymboldeletedp of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an atta...

CVE-2025-1182 GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption

A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfdelfrelocsymboldeletedp of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an atta...

CVE-2025-1182 GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption

A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfdelfrelocsymboldeletedp of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an atta...

CVE-2025-1180

A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function bfdelfwritesectionehframe of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an...

CVE-2025-1181

A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function bfdelfgcmarkrsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather...

CVE-2025-1180

A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function bfdelfwritesectionehframe of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an...

CVE-2025-1181 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption

A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function bfdelfgcmarkrsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather...

CVE-2025-1181 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption

A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function bfdelfgcmarkrsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather...

CVE-2025-1181

GNU Binutils 2.43 contains a memory corruption vulnerability in ld: the function _bfd_elf_gc_mark_rsec in bfd/elflink.c is affected, enabling a remote exploit with high attack complexity as per CVSS-derived notes. The exposure is linked to memory corruption in the ld component, and a patch is ref...

CVE-2025-1180

The CVE-2025-1180 issue affects GNU Binutils 2.43, specifically the _bfd_elf_write_section_eh_frame function in bfd/elf-eh-frame.c used by ld. It causes memory corruption and can be triggered remotely; attack complexity is high, and exploitation is possible after disclosure. The available sources...

CVE-2025-1176

Affected software : GNU Binutils 2.43, specifically the ld component and the function _bfd_elf_gc_mark_rsec in elflink.c. Vulnerability : heap-based buffer overflow. Impact/conditions : may be exploited remotely; attack complexity is high; privileges required: none; user interaction required. Exp...

CVE-2022-35202

A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain non-default scenarios, to gain access to the private keys used for signing SAML Authn requests. The underlying issue is a Java keystore that may become accessible and downloadable via WebDAV. This keystor...

CVE-2022-35202

CVE-2022-35202 affects Sitevision 10.3.1 and earlier. The underlying issue is a Java keystore that may become accessible and downloadable via WebDAV, protected by a low-complexity, auto-generated password. This could allow a remote attacker, in certain non-default scenarios, to gain access to the...

CVE-2025-1153 GNU Binutils format.c bfd_set_format memory corruption

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfdsetformat of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The...

CVE-2025-1153

GNU Binutils 2.43/2.44 contains a memory-corruption vulnerability in bfd_set_format within format.c. The issue can be triggered remotely; attack complexity is high and no privileges are required. A fix is available in Binutils 2.45, with patch identifier 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. ...

CVE-2025-1152

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...