49 matches found

Positive Technologies
added 2025/02/12 12:0 a.m. · 7 views

PT-2025-7253 · Elliptic · Elliptic

Name of the Vulnerable Software and Affected Versions: elliptic (affected versions not specified). Description: The issue allows for private key extraction from ECDSA signatures when signing a malformed input, such as a string or a number, which could come from JSON network input. This is possible...

9 CVSS · 6.9 AI score
Exploits 0 · References 4
OpenVAS
added 2024/10/28 12:0 a.m. · 8 views

Huawei EulerOS: Security Advisory for python-idna (EulerOS-SA-2024-2601)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS · 7.8 AI score · 0.0107 EPSS
Exploits 1 · References 2
OSV
added 2024/07/07 6:15 p.m. · 25 views

PYSEC-2024-60

A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...

7.5 CVSS · 7.2 AI score · 0.0107 EPSS
Exploits 1 · References 4
Positive Technologies
added 2024/01/24 12:0 a.m. · 2 views

PT-2024-20220 · Eserver · Ezserver

Name of the Vulnerable Software and Affected Versions: EzServer version 6.4.017. Description: The issue allows a denial of service (daemon crash) via a long string, such as one for the RNTO command. Recommendations: For EzServer version 6.4.017, consider restricting the length of input strings to...

7.5 CVSS · 7.5 AI score · 0.03574 EPSS
Exploits 1 · References 7
AlpineLinux
added 2023/06/06 12:0 a.m. · 45 views

CVE-2023-2603

A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB...

7.8 CVSS · 8.1 AI score · 0.00574 EPSS
Exploits 1
RedHat Linux
added 2023/03/01 9:45 p.m. · 2 views

moment: inefficient parsing algorithm resulting in DoS

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks...

7.5 CVSS · 6.8 AI score · 0.03949 EPSS
Exploits 1 · References 5
Prion
added 2022/09/06 9:15 p.m. · 12 views

Code injection

Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells Bash and Dash, or any not-officially-supported Unix shell; and/or using the escape or escapeAll functions with the...

5 CVSS · 7.5 AI score · 0.01097 EPSS
Exploits 1 · References 3 · Affected Software 1
RedHat Linux
added 2022/08/31 4:58 p.m. · 2 views

moment: inefficient parsing algorithm resulting in DoS

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks...

7.5 CVSS · 6.8 AI score · 0.03949 EPSS
Exploits 1 · References 5
CNNVD
added 2022/07/06 12:0 a.m. · 2 views

Moment.js Resource Management Error Vulnerability

Moment.js is a JavaScript date library. It is used to parse, validate, manipulate and format dates. Moment.js has a security vulnerability that stems from the use of an inefficient parsing algorithm. Users passing user-supplied strings to the moment constructor without sound length checking are...

7.5 CVSS · 6.7 AI score · 0.03949 EPSS
Exploits 1 · References 40
Veracode
added 2022/01/31 8:2 a.m. · 11 views

Cross-site Scripting (XSS)

calibreweb is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to improper sanitization of input strings, allowing attackers to steal cookies and inject arbitrary code into the victim's web browser...

6.1 CVSS · 3.9 AI score · 0.0084 EPSS
Exploits 1 · References 3 · Affected Software 1
Veracode
added 2021/12/06 7:57 a.m. · 14 views

Cross-site Scripting (XSS)

ckan is vulnerable to cross-site scripting. The library does not properly sanitize input strings, allowing an attacker to inject and execute malicious JavaScript via an SVG file...

5.4 CVSS · 3.8 AI score · 0.00493 EPSS
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2021/11/05 4:21 a.m. · 16 views

Cross-site Scripting (XSS)

nbdime is vulnerable to cross-site scripting. The library does not properly sanitize input strings, allowing an attacker to inject and execute malicious JavaScript...

8.7 CVSS · 2.7 AI score · 0.0068 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2021/05/10 7:8 p.m. · 29 views

GHSA-PW54-MH39-W3HC Regular expression denial of service in npm-user-validate

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

7.5 CVSS · 8.4 AI score · 0.03374 EPSS
Exploits 1 · References 5
OSV
added 2018/06/07 7:43 p.m. · 22 views

GHSA-VWJC-Q9PX-R9VQ Denial of Service in ecstatic

Versions of ecstatic prior to 1.4.0 are affected by a denial of service vulnerability when certain input strings are sent via the Last-Modified or If-Modified-Since headers. Parsing certain inputs with new Date or Date.parse causes v8 to crash. As ecstatic passes the value of the affected headers...

7.5 CVSS · 7.5 AI score · 0.02093 EPSS
Exploits 0 · References 5
Prion
added 2018/05/29 8:29 p.m. · 16 views

Design/Logic Flaw

Certain input strings when passed to new Date or Date.parse in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header...

5 CVSS · 7 AI score · 0.02093 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2018/05/29 8:29 p.m. · 23 views

CVE-2015-9242

Certain input strings when passed to new Date or Date.parse in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header...

7.5 CVSS · 7.9 AI score · 0.02093 EPSS
Exploits 0 · References 3
CVE
added 2018/05/29 8:0 p.m. · 46 views

CVE-2015-9242

CVE-2015-9242 concerns the ecstatic Node.js module. The vulnerability affects versions before 1.4.0 and is triggered when certain input strings are passed via the Last-Modified or If-Modified-Since headers, causing v8 to crash and enabling a denial-of-service condition on the server. The issue st...

7.5 CVSS · 7.3 AI score · 0.02093 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2018/05/29 8:0 p.m. · 27 views

CVE-2015-9242

Certain input strings when passed to new Date or Date.parse in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header...

7.5 AI score · 0.02093 EPSS
Exploits 0 · References 3
CVE
added 2017/09/25 7:0 p.m. · 44 views

CVE-2014-8170

CVE-2014-8170 affects ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3. The issue stems from ovirt_safe_delete_config in ovirtfunctions.py (and other locations) not properly quoting input strings, enabling arbitrary command execution when a semicolon is included in...

9 CVSS · 8.7 AI score · 0.0351 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2017/07/21 2:0 p.m. · 17 views

CVE-2015-3639

phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file...

8.7 AI score · 0.01972 EPSS
Exploits 0 · References 3