235 matches found
PT-2025-32166 · Nvidia · Nvidia Triton Inference Server
Name of the Vulnerable Software and Affected Versions: NVIDIA Triton Inference Server for Windows and Linux affected versions not specified Description: NVIDIA Triton Inference Server is susceptible to an integer overflow triggered by specially crafted inputs. Successful exploitation of this issu...
Security update for python310
This update for python310 fixes the following issues: CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2025:02597-1 Security update for python310
This update for python310 fixes the following issues: - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705...
CVE-2025-50572
Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their produ...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write via improper bounds checking in the process of binary file handling. An attacker can cause memory corruption or potentially execute arbitrary code by providing crafted input files. Remediation A fix was pushed into t...
DEBIAN-CVE-2025-6069
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...
UBUNTU-CVE-2025-6069
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...
CVE-2025-6069
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...
PT-2025-25656
Name of the Vulnerable Software and Affected Versions html.parser.HTMLParser affected versions not specified Description The issue concerns the html.parser.HTMLParser class, which has worse-case quadratic complexity when processing certain crafted malformed inputs. This could potentially lead to...
Regular Expression Denial of Service (ReDoS)
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in multiple locations in the code. An attacker can cause a denial of service by supplying specially craft...
CVE-2021-40896
A Regular Expression Denial of Service ReDOS vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails...
CVE-2021-29571
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...
AZL-61919 CVE-2025-23166 affecting package nodejs for versions less than 20.14.0-9
The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...
php: Reference counting in php_request_shutdown causes Use-After-Free
A flaw was found in PHP. This vulnerability allows remote code execution via a crafted code path involving the set magic method or the null coalescing assignment ??= operator, in combination with exception handling. Attackers can trigger a use-after-free condition by controlling the memory layout...
Inefficient Algorithmic Complexity
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the inputprocessorforphi4mm function. An attacker can cause the application to consume excessive resource...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the manipulation of the Name argument. An attacker can cause the application to consume excessive resources leading to a denial of service by sending crafted inputs designed to trigger...
BIT-PHP-MIN-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free
In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...
BIT-PHP-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free
In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...
CVE-2024-11235
A flaw was found in PHP. This vulnerability allows remote code execution via a crafted code path involving the set magic method or the null coalescing assignment ??= operator, in combination with exception handling. Attackers can trigger a use-after-free condition by controlling the memory layout...
CVE-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free
In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...