22 matches found
Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2026-122 (ALASDOCKER-2026-122)
The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-122 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...
Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2026-125 (ALASDOCKER-2026-125)
The version of runc installed on the remote host is prior to 1.3.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-125 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a...
OSV-2026-796 UNKNOWN READ in processXDR
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515065185 Crash type: UNKNOWN READ Crash state: processXDR nmeaparse genericparseinput...
UBUNTU-CVE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
OSV-2026-259 Use-of-uninitialized-value in tsip_parse_input
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=484859694 Crash type: Use-of-uninitialized-value Crash state: tsipparseinput gpsdpoll FuzzDrivers.c...
OSV-2026-226 UNKNOWN WRITE in decode_xa2_00
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=482909898 Crash type: UNKNOWN WRITE Crash state: decodexa200 tsipparseinput gpsdpoll...
Linux Distros Unpatched Vulnerability : CVE-2025-70299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A heap overflow in the aviparseinputfile function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file. CVE-2025-70299 Note...
CVE-2025-70299
A heap overflow in the aviparseinputfile function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file...
UBUNTU-CVE-2025-70299
A heap overflow in the aviparseinputfile function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file...
GPAC Security Vulnerability
GPAC is an open source multimedia framework. GPAC has a heap buffer overflow vulnerability that stems from the aviparseinputfile function failing to properly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of service...
EUVD-2026-2719
A heap overflow in the aviparseinputfile function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file...
CVE-2025-15284
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., a[]=value). This bypasses the arrayLimit option, which is designed to limit the size of...
PT-2025-39710
Name of the Vulnerable Software and Affected Versions: github.com/nyaruka/phonenumbers versions prior to 1.2.2. Description: The package contains an issue related to improper validation of input syntax within the phonenumbers.Parse function. Providing specifically crafted input can lead to a panic,...
USN-7197-1 golang-golang-x-net vulnerability
Guido Vranken discovered that Go Networking handled input to the Parse functions inefficiently. An attacker could possibly use this issue to cause denial of service. This update addresses the issue in the golang-golang-x-net and golang-golang-x-net-dev packages, as well as the library vendored...
AZL-54507 CVE-2024-45338 affecting package vitess for versions less than 17.0.7-3
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54398 CVE-2024-45338 affecting package prometheus-adapter for versions less than 0.12.0-2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54401 CVE-2024-45338 affecting package packer for versions less than 1.9.5-7
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54515 CVE-2024-45338 affecting package terraform for versions less than 1.3.2-21
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54440 CVE-2024-45338 affecting package containerized-data-importer for versions less than 1.57.0-8
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...