2269 matches found
USN-7431-1 haproxy vulnerability
Aleandro Prudenzano and Edoardo Geraci discovered that HAProxy incorrectly handled certain uncommon configurations that replace multiple short patterns with a longer one. A remote attacker could use this issue to cause HAProxy to crash, resulting in a denial of service, or possibly execute...
SUSE CVE-2025-32464
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sampleconvregsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one...
CVE-2025-32464
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sampleconvregsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one...
UBUNTU-CVE-2025-32464
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sampleconvregsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one...
CVE-2025-32464
CVE-2025-32464 affects HAProxy 2.2–3.1.6 in some configurations, causing a heap-based buffer overflow in the sample_conv_regsub routine due to mishandling the replacement of multiple short patterns with a longer one. The issue is documented across multiple sources (Debian LTS advisory fixes in 2....
CVE-2025-32464
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sampleconvregsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS through the innerForbidCircularReferences function of the PatternBank class. An attacker can cause the Elasticsearch node to crash by sending crafted requests that exploit deep recursion. Note: This is only...
PT-2025-22231
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential lockup issue in the Linux kernel has been identified and resolved. The problem occurs in the st lsm6dsx read fifo function when pattern len is equal to zero and the device FI...
CVE-2025-31163
Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via putpatternarc function...
CVE-2024-6851
In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...
Aim Path Traversal vulnerability
In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...
Directory Traversal
Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal via the LocalFileManager.cleanup function, by crafting a malicious glob-pattern that is not verified to be within the directory managed by...
CVE-2024-6851
In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...
PYSEC-2025-94
A Regular Expression Denial of Service ReDoS vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r'+' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker c...
CVE-2024-10955
A Regular Expression Denial of Service ReDoS vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r'+' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker c...
CVE-2024-6851
CVE-2024-6851 affects aimhubio/aim v3.22.0. The LocalFileManager._cleanup function accepts a user-supplied glob-pattern and does not verify that matched files stay within the directory managed by LocalFileManager, allowing a crafted glob-pattern to delete arbitrary files. Reported impact is arbit...
AZL-79030 CVE-2025-22870 affecting package golang 1.25.7-1
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58455 CVE-2025-22870 affecting package keda for versions less than 2.14.1-7
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
AZL-58472 CVE-2025-22870 affecting package prometheus for versions less than 2.45.4-12
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
DEBIAN-CVE-2025-22870
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...