14 matches found
CVE-2024-34698
FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam function recursively merges an object containing...
SUSE CVE-2025-23156
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: refactor hfi packet parsing logic. words_count denotes the number of words in total payload, while data points to payload of various property within it. When words_count reaches last word, data can access...
AZL-61804 CVE-2025-3416 affecting package 389-ds-base 3.1.1-10
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string...
DEBIAN-CVE-2025-3416
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string...
Prototype Pollution
@ndhoule/defaults is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of object properties in the lib.deep function, allowing attackers to supply a crafted payload, leading to a Denial of Service (DoS)...
commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting a malicious property that...
SUSE-SU-2024:1377-1 Security update for apache-commons-configuration
This update for apache-commons-configuration fixes the following issues: - CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (bsc#1221797). - CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclica...
USN-6453-1 xorg-server, xwayland vulnerabilities
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled prepending values to certain properties. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. (CVE-2023-5367) Sri discovered that the X.Org X Server incorrectl...
Mageia: Security Advisory (MGASA-2017-0397)
The remote host is missing an update for the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
ALPINE-CVE-2017-2887
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this...
CVE-2017-2887
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this...
Simple DirectMedia Layer SDL_image XCF Property Handling Code Execution Vulnerability
Summary: An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger thi...
A vulnerability in the Google Chrome browser allows an attacker to circumvent existing access restriction policies.
The vulnerability in the ModuleSystem::RequireForJsInner function in the extensions/renderer/module_system.cc module is related to incorrect property handling. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restriction policies...