Lucene search
+L

566 matches found

RedHat Linux
RedHat Linux
added 2026/02/09 10:26 a.m.6 views

pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID

A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service DoS f...

7.5CVSS5.7AI score0.00679EPSS
Exploits0References7
NVD
NVD
added 2026/02/04 10:16 p.m.9 views

CVE-2026-25582

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow read vulnerability in CIccIO::WriteUInt16Float when converting malformed XML to ICC profiles via...

7.8CVSS0.0024EPSS
Exploits1References4
CVE
CVE
added 2026/02/04 10:8 p.m.18 views

CVE-2026-25583

The CVE-2026-25583 issue affects iccDEV, where a heap buffer overflow can occur in CIccFileIO::Read8() when processing malformed ICC profile files due to an unchecked fread. This vulnerability is present in versions prior to 2.3.1.3 and is patched in 2.3.1.3. Red Hat and CVE records corroborate t...

7.8CVSS5.6AI score0.0024EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/02/04 6:50 p.m.4 views

pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID

A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service DoS f...

7.5CVSS5.7AI score0.00679EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/02/04 3:36 p.m.6 views

pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID

A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service DoS f...

7.5CVSS5.7AI score0.00679EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2026/02/04 12:0 a.m.134 views

📄 NanoMQ 0.24.6 API SQL Rule Engine Buffer Overflow

This script is a proof of concept used to test NanoMQ's API for improper input handling. It sends an intentionally long and malformed SQL alias through the /api/v4/rules endpoint to check whether the service safely rejects the input or crashes. The code does not achieve real remote code execution...

6.5AI score
Exploits0
Veracode
Veracode
added 2026/01/29 11:57 a.m.8 views

Memory Leak

ImageMagick is vulnerable to a memory leak. The vulnerability is due to improper handling of malformed OpenCL device profile XML files in the LoadOpenCLDeviceBenchmark function, which fails to free allocated string memory when elements are not properly closed, allowing an attacker to trigger memo...

5.9AI score
Exploits0
OSV
OSV
added 2026/01/27 4:16 p.m.9 views

AZL-76212 CVE-2025-69421 affecting package openssl 1.1.1k-38

Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...

7.5CVSS7.4AI score0.00844EPSS
Exploits1References1
OSV
OSV
added 2026/01/27 4:16 p.m.6 views

AZL-75911 CVE-2025-69421 affecting package edk2 for versions less than 20240524git3e722403cd16-14

Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...

7.5CVSS6.1AI score0.00844EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/27 4:1 p.m.47 views

CVE-2026-22795 Missing ASN1_TYPE validation in PKCS#12 parsing

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...

0.00144EPSS
Exploits1References6
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.5 views

Astra Linux – Vulnerability in the 389-DS-base

A denial-of-service vulnerability was discovered in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...

5.7CVSS6.6AI score0.00565EPSS
Exploits0References3
OSV
OSV
added 2026/01/26 9:30 p.m.7 views

GHSA-86RF-68F4-2CPH Duplicate Advisory: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2464-8j7c-4cjm. This link is maintained to preserve external references. Original Description A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using...

5.3CVSS5.7AI score0.00357EPSS
Exploits0References6
OSV
OSV
added 2026/01/26 8:16 p.m.8 views

AZL-75449 CVE-2025-11065 affecting package kubevirt 1.6.3-3

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS6.3AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 8:16 p.m.7 views

AZL-75410 CVE-2025-11065 affecting package docker-buildx 0.14.0-8

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS6.5AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 8:16 p.m.9 views

AZL-75564 CVE-2025-11065 affecting package rook 1.6.2-27

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS6.3AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 8:16 p.m.7 views

AZL-75419 CVE-2025-11065 affecting package gh 2.62.0-10

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS6.6AI score0.00357EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 12:0 a.m.4 views

CVE-2025-56353

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter...

7.5CVSS5.5AI score0.00287EPSS
Exploits1References2
NVD
NVD
added 2026/01/16 7:16 p.m.4 views

CVE-2021-47827

WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field,...

7.5CVSS0.00402EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/16 7:9 p.m.22 views

CVE-2021-47827 WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service

WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field,...

7.5CVSS0.00402EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/16 7:9 p.m.4 views

CVE-2021-47827

WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field,...

7.5CVSS5.6AI score0.00402EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder