25 matches found

CNNVD
added 2026/05/26 12:0 a.m. · 5 views

libyang Security Vulnerability

LibYang is an open-source YANG data modeling language parser and toolkit developed in C language by CESNET. Versions of LibYang prior to 5.2.6 contained security vulnerabilities. These vulnerabilities stemmed from a write vulnerability in the lyd parsersetdataflags function, which allowed attacke...

7.1 CVSS · 6.2 AI score · 0.00035 EPSS
Exploits 0 · References 5

NVD
added 2026/03/16 2:19 p.m. · 3 views

CVE-2026-3086

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8 CVSS · 0.00108 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/12/19 3:16 p.m. · 1 views

CVE-2025-64468

There is a use-after-free vulnerability in sentry!sentryspansetdata when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability...

8.5 CVSS · 7.3 AI score · 0.00016 EPSS
Exploits 0 · References 1

Veracode
added 2025/11/13 7:21 a.m. · 2 views

Prototype Pollution

json-schema-editor-visual is vulnerable to Prototype Pollution. The vulnerability is due to insufficient validation of user-supplied input in the setData and deleteData functions, which allows an attacker to supply a crafted payload to inject or delete properties on Object.prototype, potentially...

6.5 CVSS · 6.8 AI score · 0.00133 EPSS
Exploits 0 · References 3 · Affected Software 1

CNVD
added 2025/08/11 12:0 a.m. · 4 views

Bento4 Denial of Service Vulnerability (CNVD-2026-15392)

Bento4 is an open source C++ library for reading and writing MP4 files. Bento4 suffers from a denial of service vulnerability caused by a flaw in the Mp4Decrypt file Mp4Decrypt.cpp function AP4DataBuffer::SetDataSize. An attacker can exploit this vulnerability to cause a denial of service...

6.3 CVSS · 5.9 AI score · 0.01631 EPSS
Exploits 1

OSV
added 2025/04/23 12:0 p.m. · 3 views

RUSTSEC-2025-0162 `VMABuffer::set_data` may allow out-of-bounds writes from safe code

`VMABuffer::set_data` was a publicly accessible safe function. It accepted an arbitrary offset and a data slice, then used the offset in unsafe pointer arithmetic before copying the slice into a mapped allocation. Affected versions did not check that the requested write range fit within the allocati...

6 AI score
Exploits 0 · References 4

RustSec
added 2025/04/23 12:0 p.m. · 4 views

`VMABuffer::set_data` may allow out-of-bounds writes from safe code

`VMABuffer::set_data` was a publicly accessible safe function. It accepted an arbitrary offset and a data slice, then used the offset in unsafe pointer arithmetic before copying the slice into a mapped allocation. Affected versions did not check that the requested write range fit within the allocati...

6 AI score
Exploits 0 · Affected Software 1

Veracode
added 2025/02/13 8:47 a.m. · 6 views

Denial Of Service

Net::IMAP is vulnerable to Denial of Service (DoS). The vulnerability is due to memory exhaustion caused by the response parser's use of Range#to_a, which allows a malicious server to send highly compressed uid-set data, leading to uncontrolled memory expansion...

6.5 CVSS · 7 AI score · 0.00139 EPSS
Exploits 0 · References 10 · Affected Software 1

RedhatCVE
added 2025/02/11 5:29 p.m. · 6 views

CVE-2025-25186

A flaw was found in Ruby's net-imap library. In certain versions, there is a possibility for denial of service by memory exhaustion in the net-imap response parser. At any time while the client is connected, a malicious server can send highly compressed uid-set data, which is automatically read b...

6.5 CVSS · 6.9 AI score · 0.00139 EPSS
Exploits 0 · References 7

Github Security Blog
added 2025/02/10 5:42 p.m. · 31 views

Possible DoS by memory exhaustion in net-imap

Summary: There is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is connected, a malicious server can send highly compressed uid-set data which is automatically read by the client's receiver thread. The response parser...

6.5 CVSS · 6.4 AI score · 0.00139 EPSS
Exploits 0 · References 10 · Affected Software 1

OSV
added 2025/02/10 4:15 p.m. · 1 views

DEBIAN-CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

6.5 CVSS · 6.6 AI score · 0.00139 EPSS
Exploits 0 · References 1

OSV
added 2025/02/10 4:15 p.m. · 0 views

UBUNTU-CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

6.5 CVSS · 6.9 AI score · 0.00139 EPSS
Exploits 0 · References 4

Debian CVE
added 2025/02/10 3:55 p.m. · 9 views

CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

6.5 CVSS · 6.6 AI score · 0.00139 EPSS
Exploits 0

Vulnrichment
added 2025/02/10 3:55 p.m. · 17 views

CVE-2025-25186 Net::IMAP vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

6.5 CVSS · 6.3 AI score · 0.00139 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/02/10 12:0 a.m. · 4 views

PT-2025-6069

Name of the Vulnerable Software and Affected Versions: Net::IMAP versions 0.3.2 through 0.3.7; Net::IMAP versions 0.4.0 through 0.4.18; Net::IMAP versions 0.5.0 through 0.5.5. Description: There is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time whil...

7.5 CVSS · 6.9 AI score · 0.07595 EPSS
Exploits 1 · References 81

OSV
added 2024/04/25 6:15 a.m. · 1 views

DEBIAN-CVE-2024-26924

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element. Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: addelem"00000000" timeout 100 ms ... addelem"0000000X" timeout 100 ms...

5.9 CVSS · 5.8 AI score · 0.00159 EPSS
Exploits 0 · References 1

OSV
added 2023/10/11 4:15 p.m. · 0 views

CVE-2023-35968

Two heap-based buffer overflow vulnerabilities exist in the gwcfgcgisetmanagepostdata functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow...

9.8 CVSS · 6.4 AI score
Exploits 0 · References 2

Snyk
added 2023/06/14 12:0 a.m. · 1 views

Privilege Escalation

Overview: Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm to version 6.0.18, 7.0...

7.5 CVSS · 6.9 AI score · 0.01159 EPSS
Exploits 0 · References 2

CNNVD
added 2023/04/11 12:0 a.m. · 2 views

Bento4 Buffer Error Vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 version v1.6.0-639, which stems from the AP4TrunAtom::SetDataOffsetint function in Ap4TrunAtom.h containing a segmentation violation. An attacker can exploit this vulnerabili...

5.5 CVSS · 5.4 AI score · 0.00073 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/02/04 12:0 a.m. · 2 views

PT-2023-2375 · Liblouis +7

Name of the Vulnerable Software and Affected Versions: Liblouis version 3.24.0 Description: The issue is related to a buffer overflow that can be triggered by a remote attacker, potentially causing a denial of service. This is associated with the compileTranslationTable.c and the lou setDataPath...

7.8 CVSS · 8.8 AI score · 0.0033 EPSS
Exploits 2 · References 73