Fastify: DoS via Unbounded Memory Allocation in sendWebStream on Fastify v5.7.0+ leads to OOM crash when backpressure is ignored
A vulnerability was discovered in Fastify versions 5.7.0 and later. The issue was in the "sendWebStream" function, which failed to handle TCP backpressure correctly. When a ReadableStream was sent as a response, Fastify continuously pulled data from the stream producer and wrote it to the respons...
CVE-2025-64076
Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string function of the C extension decoder (source/decoder.c): 1. Integer Underflow Leading to Out-of-Bounds Read (CWE-191, CWE-125): An incorrect variable reference and missing state reset in the chunk processing...
Advantech iView Security Vulnerability
Advantech iView is software developed by Advantech for managing B+B SmartWorx series devices through the Simple Network Management Protocol (SNMP). Advantech iView suffers from a SQL injection vulnerability that originates from an authentication bypass in the getInventoryReportData parameter of the...
Advantech iView Security Vulnerability
Advantech iView is software developed by Advantech for managing B+B SmartWorx series devices through the Simple Network Management Protocol (SNMP). Advantech iView suffers from a SQL injection vulnerability that originates from the lack of validation of externally supplied SQL statements in the parameter...
SUSE-SU-2025:20474-1 Security update for afterburn
This update for afterburn fixes the following issues: - Update to version 5.8.2: cargo: Afterburn release 5.8.2 docs/release-notes: update for release 5.8.2 cargo: update dependencies packit: add initial support - Update to version 5.7.0: builddeps: bump crossbeam-channel from 0.5.13 to 0.5.15...
CVE-2023-22278
m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allow a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under certain conditions. The attacks exploiting this vulnerability have been...
Vision Helpdesk Security Vulnerability
Vision Helpdesk is customer service software from Vision Helpdesk India. A security vulnerability exists in Vision Helpdesk version 5.7.0 and earlier, which stems from a time-based blind SQL injection...
CVE-2024-56084
An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution...
DEBIAN-CVE-2024-5991
In the function MatchDomainName, the input parameter str is treated as a NULL-terminated string despite being user-provided and unchecked. Specifically, the function X509_check_host takes in a pointer and length to check against, with no requirement that it be NULL-terminated. If a caller was attempting to do...
Mattermost Desktop App Security Vulnerability
Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App version 5.7.0 and earlier, which stems from an inability to disable certain Electron debugging flags, which allows bypassing TCC restrictions...
Mattermost Desktop App Security Vulnerability
Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App version 5.7.0 and earlier, which stems from a failure to properly prompt for permissions when opening an external URL, allowing remote attackers to run arbitrar...
Knot Resolver Security Vulnerability
Knot Resolver is a caching DNS resolver implementation that includes a resolver library and daemon. A security vulnerability exists in Knot Resolver prior to version 5.7.0, which stems from performing many TCP reconnections upon receiving certain meaningless responses from the server...
CVE-2023-34977
A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 (2023/07/27) and later...
cn.guomw.cloud:framework-cloud-starter-auth (=1.1.0.RELEASE), cn.herodotus.engine:oauth2-sdk-authorization (>=2.7.0.0 <=2.7.0.60) +259 more potentially affected by CVE-2023-34034 via org.springframework.security:spring-security-config (>=5.7.0 <=5.7.1)
org.springframework.security:spring-security-config MAVEN version =5.7.0, =2.7.0.0, =2.7.0.0, =2.7.0.0, =4.2.0, =4.2.0, =4.2.0, =4.2.0, =4.2.0, =4.2.0, =4.4.7 and more Source cves: CVE-2023-34034 Source advisory: OSV:GHSA-3H6F-G5F3-...
SUSE CVE-2022-1809
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0...
au.csiro.pathling:fhir-server (>=5.3.1 <=6.4.2), au.org.consumerdatastandards:data-holder (>=2.3.0 <=2.4.1) +2391 more potentially affected by CVE-2022-31692 via org.springframework.security:spring-security-core (>=5.7.0 <=5.7.4)
org.springframework.security:spring-security-core MAVEN version =5.7.0, =5.3.1, =2.3.0, =2.4.1 - au.org.consumerdatastandards:mock-data-holder-java =2.6.0 - be.jidoka:jdk-keycloak-admin =1.3.0 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 -...
radare2 Buffer Error Vulnerability
radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in radare2 versions prior to 5.7.0 that stems from an out-of-bounds read issue...
CVE-2022-1809
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0...
UBUNTU-CVE-2022-1809
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0...
radare2 Buffer Error Vulnerability
radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in radare2 versions prior to 5.7.0 that originates from an uninitialized pointer access...