Lucene search
K

11 matches found

OSV
OSV
added 2026/05/07 11:52 a.m.3 views

SUSE-SU-2026:1750-1 Security update for librsvg

This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...

6.8CVSS5.8AI score0.00291EPSS
Exploits0References3
OSV
OSV
added 2026/04/22 11:8 a.m.3 views

SUSE-SU-2026:21377-1 Security update for librsvg

This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...

6.8CVSS5.3AI score0.00291EPSS
Exploits0References3
Amazon
Amazon
added 2026/04/14 12:0 a.m.20 views

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

9.1CVSS5.8AI score0.01079EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/03/05 10:49 a.m.5 views

Security update for virtiofsd

This update for virtiofsd fixes the following issue: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257912. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

8.7CVSS5.9AI score0.00291EPSS
Exploits0References4
OSV
OSV
added 2026/02/17 2:6 p.m.5 views

SUSE-SU-2026:20575-1 Security update for wicked2nm

This update for wicked2nm fixes the following issues: - Update to version 1.4.1 - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257908...

6.8CVSS5.8AI score0.00291EPSS
Exploits0References3
OSV
OSV
added 2026/02/13 2:57 p.m.6 views

SUSE-SU-2026:0514-1 Security update for cargo-auditable

This update for cargo-auditable fixes the following issues: Update to version 0.7.20. Security issues fixed: - CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257906. Other updates and bugfixes: - Update to version 0.7.20: mention...

6.8CVSS6AI score0.00291EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 8 : ruby:2.6 (AXSA:2022-3073:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3073:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

9.3CVSS8.6AI score0.06307EPSS
Exploits5References7
Amazon
Amazon
added 2023/11/15 12:0 a.m.5 views

Medium: ruby

Issue Overview: A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service ReDoS during the parsing of dates. This flaw allows an attacker to hang a ruby application by providing a specially crafted date string. The highest threat to this...

7.5CVSS6.8AI score0.03222EPSS
Exploits1
OSV
OSV
added 2022/09/13 7:36 a.m.33 views

RLSA-2022:6450 Moderate: ruby:3.0 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109431 Security Fixes: ruby: Regular expression denial of...

7.7CVSS8.4AI score0.04127EPSS
Exploits2References7
Debian CVE
Debian CVE
added 2020/07/09 2:39 p.m.22 views

CVE-2020-12425

Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...

6.5CVSS7.9AI score0.01362EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.6 views

Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information

The vulnerability exists in the scan function in ext/date/lib/parseisointervals.c in PHP, due to an incorrect limitation on the creation of DateInterval objects. Exploiting this vulnerability allows malicious actors, operating remotely, to trigger a service failure reading beyond the buffer in...

5CVSS7.7AI score0.04575EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder