13 matches found
PT-2026-25869
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV) in the ucl object emit function when parsing and emitting the...
CVE-2025-27378
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...
EUVD-2016-9857
Malware in sbrugna...
Medium: soci-snapshotter
Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: soci-snapshotter Note: This advisory is applicable to...
Rack Security Vulnerability
Rack is a modular Ruby web server interface open-sourced by Rack. Rack has a security vulnerability that originates from the ability to manipulate log entries by crafting input that contains line breaks to utilize Rack::CommonLogger...
AZL-54477 CVE-2024-45338 affecting package buildah 1.18.0-29
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
DEBIAN-CVE-2024-45338
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54540 CVE-2024-45338 affecting package gh for versions less than 2.13.0-24
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54440 CVE-2024-45338 affecting package containerized-data-importer for versions less than 1.57.0-8
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
UBUNTU-CVE-2022-44572
A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker to craft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of servi...
DEBIAN-CVE-2021-44510
An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, attackers can cause a calculation of the size of calls to memset in opfnj3 in srport/opfnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the...
UBUNTU-CVE-2021-44504
An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can cause a size variable, stored as a signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memc...
Command Execution Vulnerability in FameView Configuration Software of Beijing Jiezhong Technology Co.
FameView configuration software is a high-performance configuration and monitoring software independently developed by Beijing Jiezhong Company based on the Windows operating system with many years of experience in engineering applications and services, providing economical and perfect automation...