Missing Release of File Descriptor or Handle after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...

AZL-44562 CVE-2024-4068 affecting package nodejs-nodemon 2.0.3-5

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...

tnef 'parse_file()' function denial of service vulnerability

tnef is a set of programs for decompressing MIME attachments. A security vulnerability in the tnef 'parsefile' function allows an attacker to exploit the vulnerability to submit a special file for a denial-of-service attack that could crash the application...