CVE-2026-41401 libyang - Heap Use-After-Free Write in XML Metadata Parsing

libyang before 5.2.6 contains a heap use-after-free write vulnerability in lydparsersetdataflags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata...

Astra Linux – Vulnerability in ntfs-3g

In NTFS-3G versions 2021.8.22, when specially crafted NTFS attributes are read in the function ntfsattrpreadi, a heap buffer overflow can occur, allowing for writing to arbitrary memory or causing denial of service for the application...

EUVD-2018-0469

Malware in sbrugna...

git: gitattributes parsing integer overflow

A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These...

SUSE CVE-2021-33287

In NTFS-3G versions 2021.8.22, when specially crafted NTFS attributes are read in the function ntfsattrpreadi, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application...

git: gitattributes parsing integer overflow

A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These...

git: gitattributes parsing integer overflow

A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These...

git: gitattributes parsing integer overflow

A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These...

In NTFS-3G versions < 2021.8.22 when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.

...

ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute from MFT

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS attributes from the MFT , proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

AZL-6750 CVE-2021-33287 affecting package ntfs-3g for versions less than 2021.8.22-1

In NTFS-3G versions 2021.8.22, when specially crafted NTFS attributes are read in the function ntfsattrpreadi, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application...

UBUNTU-CVE-2021-33287

In NTFS-3G versions 2021.8.22, when specially crafted NTFS attributes are read in the function ntfsattrpreadi, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application...

AZL-6748 CVE-2021-33285 affecting package ntfs-3g for versions less than 2021.8.22-1

In NTFS-3G versions 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfsgetattributevalue, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by...

Cisco IOS and IOS XE Software MP-BGP EVPN Denial of Service Vulnerability

A vulnerability in the implementation of Multiprotocol Border Gateway Protocol MP-BGP for the Layer 2 VPN L2VPN Ethernet VPN EVPN address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The...

CVE-2019-16021

Multiple vulnerabilities in the implementation of Border Gateway Protocol BGP Ethernet VPN EVPN functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerabilities are due to incorrect processing of BGP update...

CVE-2019-16020 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of Border Gateway Protocol BGP Ethernet VPN EVPN functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerabilities are due to incorrect processing of BGP update...

Cross site scripting

Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element...

Design/Logic Flaw

When the 'bgp-error-tolerance' feature " designed to help mitigate remote session resets from malformed path attributes " is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. Devices with BGP enabled that d...

Cross site scripting

Cross-site scripting XSS vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance ASA Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695...

CVE-2014-8012

Cross-site scripting XSS vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance ASA Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695...