60 matches found
AZL-71255 CVE-2025-61729 affecting package golang 1.26.0-1
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...
CVE-2025-61729
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...
EUVD-2004-1876
Malware in sbrugna...
Malicious code in fk-cs-dashboards-dt-error-string (npm)
The package fk-cs-dashboards-dt-error-string was found to contain malicious code...
MAL-2025-20648 Malicious code in fk-cs-dashboards-dt-error-string (npm)
The package fk-cs-dashboards-dt-error-string was found to contain malicious code...
WeGIA Denial of Service Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from a denial of service vulnerability that stems from the length of the errorstr parameter not being validated, which can be exploited by an attacker to cause a denial of service...
Rootstock Labs: Crafted smart contract can take ~23 seconds to execute due to immense error string construction
The crafted smart contract can take approximately 23 seconds to execute due to the immense error string construction. The vulnerability was caused by the native contract's implementation, which constructed the entirety of the input message as a hex string for logging and throwing an exception. Th...
SUSE CVE-2014-9157
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string...
SUSE-SU-2020:1350-1 Security update for bind
This update for bind fixes the following issues: Security issues fixed: - CVE-2020-8616: Fixed the insufficient limit on the number of fetches performed when processing referrals bsc1171740. - CVE-2020-8617: Fixed a logic error in code which checks TSIG validity bsc1171740. Non-security issue...
Updated graphviz packages fix CVE-2014-9157
Updated graphviz packages fix security vulnerability: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string...
Format string
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string...
CVE-2014-9157
Summary (CVE-2014-9157): Affected software is Graphviz, specifically the format string vulnerability in the yyerror function (lib/cgraph/scan.l). The issue allows remote attackers to cause unspecified impact via format string specifiers in error strings. Connected documents reference multiple ven...
CVE-2014-9157
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string...
CVE-2014-9157
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string...
UBUNTU-CVE-2014-9157
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string...
CVE-2002-2253
Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier allow remote attackers to execute arbitrary code via 1 a long header name, 2 a long IMAP flag, or 3 a script that generates a large number of errors that overflow the resulting error string...
CVE-2002-2253
Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier allow remote attackers to execute arbitrary code via 1 a long header name, 2 a long IMAP flag, or 3 a script that generates a large number of errors that overflow the resulting error string...
ALLO ALLO WS_FTP Server
Advisory Name: ALLO ALLO WSFTP Server Impact : Arbitrary code execution as SYSTEM Discovered by: Hugh Mann [email protected] Tested progs : Ipswitch WSFTP Server 4.0.2.EVAL Description A user who can upload files, and also has a max number of files limit or max total file size limit, can read...
CVE-1999-1099
Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user...