16 matches found
UBUNTU-CVE-2026-46023
In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in create_dirty_log. The argument count calculation in create_dirty_log performs args_used = 2 + param_count before validating against argc. When a user provides a param_count close to UINT_MAX via the devi...
PT-2026-43890
In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in create_dirty_log. The argument count calculation in create_dirty_log performs args_used = 2 + param_count before validating against argc. When a user provides a param_count close to UINT_MAX via...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
GHSA-WQCH-XFXH-VRR4 body-parser is vulnerable to denial of service when url encoding is used
Impact: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage...
CVE-2025-13466
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...
EUVD-2017-8966
Malware in sbrugna...
CVE-2025-59830
Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...
EUVD-2025-30847
Malicious code in bioql PyPI...
CVE-2020-11187
Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile...
Heap-based Buffer Overflow
Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in v8, when processing a very large number of parameters. Remediation: A fix was...
SUSE CVE-2023-28709
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...
UBUNTU-CVE-2023-28709
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...
CVE-2020-11187
Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile...
CVE-2020-11187
CVE-2020-11187 impacts Qualcomm Snapdragon firmware components (Auto/Connectivity/Mobile) where a memory corruption could result from improper validation of a parameter count in the BSI module. The public description documents memory corruption as the issue’s core, with a CVSS base of 7.2 (AV:L/A...
Qualcomm UTILS Input Validation Error Vulnerability
Qualcomm UTILS is a Qualcomm Incorporated USA support component used in chips. A security vulnerability exists in Qualcomm UTILS that originates from a BSI module that may result in memory corruption due to improper parameter count validation...
DEBIAN-CVE-2017-17815
In Netwide Assembler NASM 2.14rc0, there is an illegal address access in ismmacro in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts...