Linux Distros Unpatched Vulnerability : CVE-2018-20337
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or...
Linux Distros Unpatched Vulnerability : CVE-2025-6141
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of th...
Linux Distros Unpatched Vulnerability : CVE-2021-32613
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. CVE-2021-32613 Note that Nessus relies ...
Linux Distros Unpatched Vulnerability : CVE-2021-23351
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package github.com/pires/go-proxyproto before 0.5.0 is vulnerable to Denial of Service (DoS) via the parseVersion1 function. The reader in this package is a...
Linux Distros Unpatched Vulnerability : CVE-2024-38517
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h whe...
Linux Distros Unpatched Vulnerability : CVE-2023-23143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master. CVE-2023-23143 Note that...
TencentOS Server 4: gstreamer1-plugins-good (TSSA-2025:0705)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0705 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2019-13445
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions in tools/rosbag/src/record.c...
Linux Distros Unpatched Vulnerability : CVE-2020-15365
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds...
Linux Distros Unpatched Vulnerability : CVE-2021-40559
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A null pointer dereference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2023-29583
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties...
CVE-2025-57820
Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype...
CVE-2025-57820
CVE-2025-57820 affects the JavaScript library devalue (used with Svelte). Prior to version 5.3.2, parsing payloads with devalue.parse could allow a __proto__ property and non-numeric indices to be treated in dangerous ways, enabling prototype pollution on objects via the prototype chain. The issue is...
CVE-2025-57820 Svelte devalue vulnerable to prototype pollution
Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype...
Prototype Pollution
Overview: devalue is a JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate object prototypes or assign...
devalue prototype pollution vulnerability
devalue.parse allows __proto__ to be set. A string passed to devalue.parse could represent an object with a __proto__ property, which would assign a prototype to an object while allowing properties to be overwritten: class Vector { constructor(x, y) { this.x = x; this.y = y; } get magnitude() { return (this.x ** 2 +...
GHSA-VJ54-72F3-P5JV devalue prototype pollution vulnerability
devalue.parse allows __proto__ to be set. A string passed to devalue.parse could represent an object with a __proto__ property, which would assign a prototype to an object while allowing properties to be overwritten: class Vector { constructor(x, y) { this.x = x; this.y = y; } get magnitude() { return (this.x ** 2 +...
CVE-2025-9384
A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading t...