Lucene search

9 matches found

Snyk
added 2026/05/19 8:10 p.m. | 6 views

Uncontrolled Recursion

Overview: sqlfluff is The SQL Linter for Humans. Affected versions of this package are vulnerable to Uncontrolled Recursion through the ParseContext and parser recursion in the SQL parser components. An attacker can exhaust parser stack depth and force repeated parse failures by supplying deeply...

CVSS 8.7 | AI score 5.9 | EPSS 0.00263
Exploits: 0 | References: 2
Github Security Blog
added 2026/05/06 11:38 p.m. | 4 views

scim_proton and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion

Summary: A single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort — the entire...

CVSS 8.7 | AI score 5.9 | EPSS 0.00317
Exploits: 0 | References: 2 | Affected Software: 2
Tenable Nessus
added 2026/04/01 12:0 a.m. | 8 views

Amazon Linux 2 : python, --advisory ALAS2-2026-3218 (ALAS-2026-3218)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3218 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |=...

CVSS 7.5 | AI score 5.9 | EPSS 0.00621
Exploits: 0 | References: 6
Tenable Nessus
added 2025/08/25 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-11556

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial ...

CVSS 7.5 | AI score 7.3 | EPSS 0.01201
Exploits: 1 | References: 2
RedHat Linux
added 2024/03/20 12:40 a.m. | 53 views

Moderate: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 7.0.2 release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 5.5 | AI score 6.7 | EPSS 0.00863
Exploits: 1 | References: 54
Amazon
added 2023/09/25 12:0 a.m. | 2 views

Important: golang

Issue Overview: An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library (stdlib) and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice array causing a panic when...

CVSS 9.1 | AI score 7.4 | EPSS 0.05623
Exploits: 5
SUSE CVE
added 2023/02/15 4:42 a.m. | 2 views

SUSE CVE-2017-11556

There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service...

CVSS 7.5 | AI score 7.5 | EPSS 0.01201
Exploits: 1 | References: 3
Cvelist
added 2017/11/17 10:0 p.m. | 34 views

CVE-2017-1000126

exiv2 0.26 contains a Stack out of bounds read in webp parser...

AI score 6 | EPSS 0.01062
Exploits: 0 | References: 2
CNVD
added 2016/04/27 12:0 a.m. | 1 views

Wireshark NCP Parser Stack Buffer Overflow Vulnerability

Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. A stack buffer overflow vulnerability exists in the epan/dissectors/packet-ncp2222.inc file in the NCP parser in Wireshark versions 1.12.11 prior to 1.12.x. This vulnerability can ...

CVSS 5.9 | AI score 7.7 | EPSS 0.03034
Exploits: 0 | References: 1