PT-2026-47560

Impact Applications that call OptionalConverters.WithExpandoObjectConverter and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a On² algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an ExpandoObject, whose Add metho...

CVE-2026-35599

Summary: CVE-2026-35599 affects Vikunja prior to version 2.3.0, where addRepeatIntervalToTime uses an O(n) loop to advance a date by RepeatAfter until it passes now. When a repeating task uses a 1-second interval and an old due_date, this can trigger billions of iterations, causing high CPU usage...

EUVD-2023-29157

Malicious code in bioql PyPI...

RLSA-2024:2980 Moderate: harfbuzz security update

HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger On^2 growth via consecutive marks CVE-2023-25193 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...

Linux Distros Unpatched Vulnerability : CVE-2023-25193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base...

Amazon Linux 2 : harfbuzz (ALAS-2024-2587)

The version of harfbuzz installed on the remote host is prior to 1.7.5-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2587 advisory. hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the proces...

Medium: harfbuzz

Issue Overview: hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks. CVE-2023-25193 Affected Packages: harfbuzz Note: This advisory is applicable to Amazon Linux 2...

RHEL 8 : harfbuzz (RHSA-2024:2980)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2980 advisory. HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger On^2 growth via consecutive marks...

harfbuzz security update

1.7.5-4 - Resolves:RHEL-8400 allows attackers to trigger On^2 growth via consecutive marks...

Moderate: Red Hat Security Advisory: harfbuzz security update

An update for harfbuzz is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

ALSA-2024:2980 Moderate: harfbuzz security update

HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger On^2 growth via consecutive marks CVE-2023-25193 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...

EulerOS Virtualization 3.0.6.6 : harfbuzz (EulerOS-SA-2024-1652)

According to the versions of the harfbuzz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the...

Huawei EulerOS: Security Advisory for harfbuzz (EulerOS-SA-2024-1652)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: harfbuzz security update

An update for harfbuzz is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Moderate: harfbuzz security update

HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger On^2 growth via consecutive marks CVE-2023-25193 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...

Huawei EulerOS: Security Advisory for harfbuzz (EulerOS-SA-2024-1142)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : harfbuzz (EulerOS-SA-2024-1142)

According to the versions of the harfbuzz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the process of looking...

EulerOS 2.0 SP11 : grpc (EulerOS-SA-2023-3007)

According to the versions of the grpc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exception...

EulerOS Virtualization 3.0.6.0 : harfbuzz (EulerOS-SA-2023-3432)

According to the versions of the harfbuzz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger On^2 growth via consecutive marks during the...

Potential DDOS

Lines of code Vulnerability details Impact With three loops, and an On+ 0n2 complexity this could cause DOS with users not being able to call this functions Proof of Concept Tools Used Recommended Mitigation Steps Assessed type DoS --- The text was updated successfully, but these errors were...