6914 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-29583
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties...
TencentOS Server 4: gstreamer1-plugins-good (TSSA-2025:0705)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0705 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2021-23351
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package github.com/pires/go-proxyproto before 0.5.0 is vulnerable to Denial of Service (DoS) via the parseVersion1 function. The reader in this package is a...
CVE-2025-57820
Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype...
CVE-2025-57820
CVE-2025-57820 affects the JavaScript library devalue (used with Svelte). Prior to version 5.3.2, parsing payloads with devalue.parse could allow a __proto__ property and non-numeric indices to be treated in dangerous ways, enabling prototype pollution on objects via the prototype chain. The issue is...
CVE-2025-57820 Svelte devalue vulnerable to prototype pollution
Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype...
devalue prototype pollution vulnerability
devalue.parse allows __proto__ to be set. A string passed to devalue.parse could represent an object with a __proto__ property, which would assign a prototype to an object while allowing properties to be overwritten: class Vector { constructor(x, y) { this.x = x; this.y = y; } get magnitude() { return (this.x ** 2 +...
Prototype Pollution
Overview devalue is a JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate object prototypes or assign...
GHSA-VJ54-72F3-P5JV devalue prototype pollution vulnerability
devalue.parse allows __proto__ to be set. A string passed to devalue.parse could represent an object with a __proto__ property, which would assign a prototype to an object while allowing properties to be overwritten: class Vector { constructor(x, y) { this.x = x; this.y = y; } get magnitude() { return (this.x ** 2 +...
CVE-2025-9384
A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading t...
Linux Distros Unpatched Vulnerability : CVE-2025-5899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function...
PT-2025-34819 · Unknown · Svelte Devalue
Name of the Vulnerable Software and Affected Versions: Svelte devalue versions prior to 5.3.2. Description: Svelte devalue is a utility library susceptible to prototype pollution. Passing a string to devalue.parse that represents an object with a __proto__ property, without numeric index checking, can...
Linux Distros Unpatched Vulnerability : CVE-2023-37419
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead...
CVE-2025-54462
A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2025-52461
An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted .nex file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2018-20455
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash) via a...
Linux Distros Unpatched Vulnerability : CVE-2019-14292
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1...
CVE-2025-38660
In the Linux kernel, the following vulnerability has been resolved: ceph: parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing...