32 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-021473)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021473 advisory. In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed i...
South River WebDrive Security Vulnerability
South River WebDrive is a software developed by South River Corporation that allows cloud storage or enterprise file servers to be mapped as local drives. Version 18.00.5057 of South River WebDrive contains a security vulnerability. This vulnerability stems from a denial-of-service vulnerability ...
DEBIAN-CVE-2020-37127
Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcprelease utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcprelease process by sending a crafted input string longer than 16...
EUVD-2023-40603
Malicious code in bioql PyPI...
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass(...) method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...
Uncontrolled Recursion
Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values. Remediation: There is no fixed version for commons-lang:commons-lang...
CVE-2025-6170
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare...
CVE-2023-36659
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication)...
Regular Expression Denial of Service (ReDoS)
Overview: org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the expand function, which is prone to catastrophic backtracking on very long malicious inputs. PoC js import index from...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the parseExpression function in parser.go, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash...
USN-7153-1 php7.0, php7.2 vulnerability
It was discovered that PHP incorrectly handled long string inputs in two database drivers. An attacker could possibly use this issue to write files in locations they would not normally have access to. CVE-2024-11236...
python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant()
A vulnerability was found in Python-Django in the get_supported_language_variant function. The issue triggers when parsed with very long strings, including a specific set of characters, leading to a potential denial of service attack...
Uncontrolled Resource Consumption ('Resource Exhaustion')
Overview: Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the parse and parse_nat functions. An attacker can cause a denial of service by sending specially crafted inputs that are excessively long. Workaround: Ensure that Fugit.parse...
OESA-2024-1974 python-django security update
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant was subject to a potential denial-of-service attack when used with very...
PYSEC-2024-86
Wagtail is an open source content management system built on Django. A bug in Wagtail's parse_query_string would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parse_query_string would take an unexpectedl...
SUSE CVE-2012-5667
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow...
PT-2022-20550
Name of the Vulnerable Software and Affected Versions: moment versions prior to 2.29.4. Description: The issue is related to an inefficient parsing algorithm used in the moment JavaScript date library, specifically in the string-to-date parsing and rfc2822 parsing. This results in quadratic complexi...