PT-2026-47560
Impact: Applications that call OptionalConverters.WithExpandoObjectConverter and deserialize untrusted data are open to a vulnerability by which an attacker can exploit an O(n²) algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an ExpandoObject, whose Add metho...
CVE-2026-35599
Summary: CVE-2026-35599 affects Vikunja prior to version 2.3.0, where addRepeatIntervalToTime uses an O(n) loop to advance a date by RepeatAfter until it passes now. When a repeating task uses a 1-second interval and an old due_date, this can trigger billions of iterations, causing high CPU usage...
EUVD-2023-29157
Malicious code in bioql PyPI...
RLSA-2024:2980 Moderate: harfbuzz security update
HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...
Linux Distros Unpatched Vulnerability : CVE-2023-25193
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base...
Amazon Linux 2 : harfbuzz (ALAS-2024-2587)
The version of harfbuzz installed on the remote host is prior to 1.7.5-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2587 advisory. hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the proces...
Medium: harfbuzz
Issue Overview: hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks (CVE-2023-25193). Affected Packages: harfbuzz. Note: This advisory is applicable to Amazon Linux 2...
RHEL 8 : harfbuzz (RHSA-2024:2980)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2980 advisory. HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks...
harfbuzz security update
1.7.5-4 - Resolves: RHEL-8400 - allows attackers to trigger O(n^2) growth via consecutive marks...
Moderate: Red Hat Security Advisory: harfbuzz security update
An update for harfbuzz is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2024:2980 Moderate: harfbuzz security update
HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...
EulerOS Virtualization 3.0.6.6 : harfbuzz (EulerOS-SA-2024-1652)
According to the versions of the harfbuzz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the...
Huawei EulerOS: Security Advisory for harfbuzz (EulerOS-SA-2024-1652)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: harfbuzz security update
An update for harfbuzz is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Moderate: harfbuzz security update
HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...
Huawei EulerOS: Security Advisory for harfbuzz (EulerOS-SA-2024-1142)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : harfbuzz (EulerOS-SA-2024-1142)
According to the versions of the harfbuzz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking...
EulerOS 2.0 SP11 : grpc (EulerOS-SA-2023-3007)
According to the versions of the grpc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - gRPC contains a vulnerability in which HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exception...
EulerOS Virtualization 3.0.6.0 : harfbuzz (EulerOS-SA-2023-3432)
According to the versions of the harfbuzz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the...
Potential DDOS
Lines of code. Vulnerability details. Impact: With three loops, and an O(n) + O(n^2) complexity, this could cause DoS, with users not being able to call these functions. Proof of Concept. Tools Used. Recommended Mitigation Steps. Assessed type: DoS