203 matches found
EUVD-2019-5295
Malware in sbrugna...
EUVD-2023-2072
Malicious code in bioql PyPI...
EUVD-2025-31408
Malicious code in bioql PyPI...
GHSA-FMJH-F678-CV3X github.com/nyaruka/phonenumbers Vulnerable to Improper Validation of Syntactic Correctness of Input
Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...
github.com/nyaruka/phonenumbers Vulnerable to Improper Validation of Syntactic Correctness of Input
Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...
CVE-2025-10954
Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...
libtpms: Libtpms Out-of-Bounds Read Vulnerability
A flaw was found in libtpms. A heap buffer overflow can occur in the tpmsparsepssh function when parsing a malformed Public Signature Key Exchange PSK structure. A local attacker can trigger this overflow by providing a crafted PSK structure to the library. This can lead to a denial of service or...
Linux Distros Unpatched Vulnerability : CVE-2023-46566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the...
The vulnerabilities of the functions mbedtls_pem_read_buffer() and mbedtls_pk_parse() in the Mbed TLS software allow a attacker to cause a service failure or disclose protected information.
The vulnerability of the mbedtlspemreadbuffer and mbedtlspkparse functions in Mbed TLS is related to an off-by-one error. Exploiting this vulnerability can allow a remote attacker to cause service failures or expose protected information...
The vulnerability of the parse_amd_vsdb() function in the drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c file of the amdgpu kernel in the Linux operating system allows a attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the parseamdvsdb function in the drivers/gpu/drm/amd/display/amdgpudm/amdgpudm.c file of the amdgpu kernel in the Linux operating system is related to reading memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the...
CVE-2023-49551
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsopjsonparse function in the msj.c file...
CVE-2025-25285 @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the...
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary By crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the program to hang and results in high CPU utilization. Details The issue occurs in the parse function within the parse.ts...
GHSA-X4C5-C7RF-JJGV @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary By crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the program to hang and results in high CPU utilization. Details The issue occurs in the parse function within the parse.ts...
AZL-54562 CVE-2024-45338 affecting package keda for versions less than 2.4.0-25
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54498 CVE-2024-45338 affecting package cert-manager for versions less than 1.11.2-17
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54534 CVE-2024-45338 affecting package helm for versions less than 3.14.2-5
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54557 CVE-2024-45338 affecting package telegraf for versions less than 1.29.4-10
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54467 CVE-2024-45338 affecting package cni for versions less than 1.1.2-4
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...