271 matches found
UBUNTU-CVE-2026-23490
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2...
CVE-2026-23490
CVE-2026-23490 affects the Python ASN.1 library pyasn1. Prior to 0.6.2, a Denial-of-Service condition can cause memory exhaustion via malformed RELATIVE-OID with excessive continuation octets. The issue is fixed in 0.6.2. Affected versions are those before the upgrade; CVSS v3.1 base score is 7.5...
CVE-2026-21875 ClipBucket v5 Vulnerable to Blind SQL Injection through Channel Comments
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...
CVE-2023-54110
In the Linux kernel, the following vulnerability has been resolved: usb: rndishost: Secure rndisquery check against int overflow Variables off and len typed as uint32 in rndisquery function are controlled by incoming RNDIS response message thus their value may be manipulated. Setting off to a...
GHSA-4QG8-FJ49-PXJH Sigstore Timestamp Authority allocates excessive memory during request parsing
Impact Excessive memory allocation Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type header which is also untrusted data on an application string...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the api.ParseJSONRequest or api.getContentType functions. An attacker can cause excessive memory consumption by sending requests with either an excessively long OID containing man...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the api.ParseJSONRequest or api.getContentType functions. An attacker can cause excessive memory consumption by sending requests with either an excessively long OID containing man...
CVE-2025-66564
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...
UBUNTU-CVE-2025-66564
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...
CVE-2025-66564 Sigstore Timestamp Authority allocates excessive memory during request parsing
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...
node-forge ASN.1 OID Integer Truncation
...
CVE-2025-66030
CVE-2025-66030 (node-forge) is a vulnerability in the Forge/ node-forge TLS implementation for JavaScript. The issue is an integer overflow in versions 1.3.1 and earlier, allowing remote, unauthenticated attackers to craft ASN.1 structures with oversized arcs. These arcs can be decoded as smaller...
CVE-2025-66030 node-forge ASN.1 OID Integer Truncation
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
EUVD-2025-199768
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
node-forge 输入验证错误漏洞
node-forge is a software application. A WebJar for node-forge. An input validation error vulnerability exists in node-forge 1.3.1 and prior versions, which stems from an integer overflow that could allow a remote, unauthenticated attacker to bypass OID-based security decisions...
CVE-2025-65647
Insecure Direct Object Reference IDOR in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...
CVE-2025-65647
Insecure Direct Object Reference IDOR in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...
EUVD-2001-1302
Malware in sbrugna...
EUVD-2019-9171
Malware in sbrugna...
EUVD-2017-16767
Malware in sbrugna...