GHSA-29MW-WPGM-HMR9 Regular Expression Denial of Service (ReDoS) in lodash

All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions. Steps to reproduce provided by reporter Liyuan Chen: js var lo = require'lodash'; function buildblankn var ret = "1" for var i = 0; i n; i++ r...

Inconsistent ERC20 function may lead to DOS and unexpected behaviour

Handle gzeon Vulnerability details Impact There are 2 important yet similar concept in this wrapper contract, namely "SHARE" and "BALANCE". SHARE equivalent to the number of underlying ibbtc and is stored in balance as the native value, while BALANCE is SHAREpricepershare and is the return value ...

PT-2024-11254 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.0-rc3+ Description: The vulnerability is a use-after-free issue in the mlx5e encap take function, which can be triggered by concurrent encap entry insertion/deletion. This can lead to a use-after-free error...

CVE-2020-27830

A vulnerability was found in Linux Kernel where in the spkttyioreceivebuf2 function, it would dereference spkttyiosynth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash...

GPAC Reuse After Release Vulnerability

GPAC is a multimedia framework for rich media and distributed under the LGPL license. A post-release reuse vulnerability exists in the gfisomboxdel function in isomedia/boxfuncs.c in GPAC versions 0.8.0 and 1.0.1. No detailed vulnerability details are provided at this time...

Denial of service

An issue was discovered in the sendsecuremsg function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy call that will crash the running process. This could be used by an attacker ...

CVE-2020-24345

JerryScript through 2.3.0 allows stack consumption via function anew new Proxya,JSON.parse"",a. NOTE: the vendor states that the problem is the lack of the --stack-limit option...

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

UBUNTU-CVE-2019-16217

WordPress before 5.2.3 allows XSS in media uploads because wpajaxuploadattachment is mishandled...

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-346)

This update for java-180-openjdk to version jdk8u201 icedtea 3.11.0 fixes the following issues: Security issues fixed : - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl bsc1122293. - CVE-2018-11212: Fixed an issue in allocsarray function in jmemmgr.c bsc1122299. Complete list of...

Heap overflow

The function numberformat is vulnerable to a heap overflow issue when its second argument $decpoints is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all...

DEBIAN-CVE-2018-14453

An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData1 access in the function store16 in helper.h...

Legal Robot: Profile shows incorrect account creation date

Hi Team, I get to know that you are using showing joined time. it's contain design issue. I think that you show for once user login in to their account and it should show from howmany minutes that user logged in? but i can see here a design issue, is that whenever we refresh page...

OPENSUSE-SU-2017:1756-1 Security update for kdepim, messagelib

This update for kdepim and messagelib fixes the following issues: - CVE-2017-9604: The kmail 'send later' function does not have 'sign/encryption' action ensured. boo1044210...

The vulnerabilities of Firefox ESR and Firefox, the rendering software Graphite 2, allow attackers to induce service failures or exert other effects.

The vulnerability of the graphite2::GlyphCache::glyph function in Firefox ESR and Firefox browsers is caused by buffer overflow. Exploiting this vulnerability can allow an attacker to cause service interruptions or other effects using a specially created Graphite smart font...

The vulnerability of the PostgreSQL database management system allows a attacker to cause a service failure or read arbitrary portions of the server’s memory.

The vulnerability of the crypt function in the contrib/pgcrypto component of the PostgreSQL database management system is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor to cause service failures or read arbitrary portions of the...

Slackware: Security Advisory (SSA:2005-251-04)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PHP 5.2.x < 5.2.15 Multiple Vulnerabilities

Binary data 801097.prm...

PSF-2010-6 smtpd accept bug and race condition

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to condu...

PT-2009-5970 · Httpdx · Httpdx

Name of the Vulnerable Software and Affected Versions: httpdx versions 1.4 through 1.4.3 Description: The issue is a stack-based buffer overflow in the h handlepeer function, located in http.cpp. This can be triggered by remote attackers sending a long HTTP GET request, potentially causing a deni...