264 matches found
Decimal 资源管理错误漏洞
Decimal is a arbitrary-precision decimal arithmetic library developed by Eric Meadows-Jönsson. In versions 0.1.0 to 3.0.0 of Decimal, there was a resource management vulnerability. This vulnerability stemmed from the lack of restrictions on the parsed exponents, which could lead to unauthorized...
GHSA-RRJR-V56M-WW88 ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width
DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this could lead to a stack overflow. In a service environment, this would potentially take down a service. This affects applicatio...
ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width
DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this could lead to a stack overflow. In a service environment, this would potentially take down a service. This affects applicatio...
is-localhost-ip 2.0.0 - SSRF
Titles: is-localhost-ip 2.0.0 - SSRF Author: nu11secur1ty Date: 11/09/2025 Vendor: https://github.com/tinovyatkin/is-localhost-ip Software: https://github.com/tinovyatkin/is-localhost-ip/releases/tag/v2.0.0 Reference: https://portswigger.net/web-security/ssrf Description: SSRF PoC — Professional...
CVE-2026-33176
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...
CVE-2026-33176
CVE-2026-33176 — Active Support (Rails) number helpers incorrectly accept strings containing scientific notation (e.g., 1e10000). When expanded by BigDecimal, this can trigger extremely large decimal representations, leading to excessive memory and CPU usage and a potential DoS. The patch is incl...
CVE-2026-33176 Rails Active Support has a possible DoS vulnerability in its number helpers
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...
CLSA-2026-1770040438 kernel: Fix of 14 CVEs
efivarfs: Fix slab-out-of-bounds in efivarfsdcompare CVE-2025-39817 - scsi: ses: Fix possible descptr out-of-bounds accesses CVE-2023-53675 - ipv6: Fix out-of-bounds access in ipv6findtlv CVE-2023-53705 - libceph: fix potential use-after-free in havemonandosdmap CVE-2025-68285 - scsi: lpfc: Fix...
CVE-2025-69209 ArduinoCore-avr has Stack-Based Buffer Overflow in WString Float/Double Constructors
ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...
CVE-2025-69209 ArduinoCore-avr has Stack-Based Buffer Overflow in WString Float/Double Constructors
ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...
CVE-2025-69209
ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...
EUVD-2025-206313
ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...
MAL-2025-192414 Malicious code in mongo-decimal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d31ef468b36fa90f39d081db22602ad19c8c84bfa3416e3b471eebaaad2919bf The package mongo-decimal was found to contain malicious code. Source: ghsa-malware e32897d62825ec82598cd1de92099161013a0fc84c60add6ec1c9496320ab58d...
Malicious Package
Overview mongo-decimal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-202363
Malicious code in mongo-decimal npm...
Malicious code in mongo-decimal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d31ef468b36fa90f39d081db22602ad19c8c84bfa3416e3b471eebaaad2919bf The package mongo-decimal was found to contain malicious code. Source: ghsa-malware e32897d62825ec82598cd1de92099161013a0fc84c60add6ec1c9496320ab58d...
Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2018-18928)
International Components for Unicode ICU for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString in i18n/numberdecimalquantity.cpp. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
DEBIAN-CVE-2025-62496
A vulnerability exists in the QuickJS engine's BigInt string parsing logic jsbigintfromstring when attempting to create a BigInt from a string with an excessively large number of digits. The function calculates the necessary number of bits nbits required to store the BigInt using the formula:...
EUVD-2021-18354
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-27387
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimalbinsize, which is exploited via specially crafted SQL...