217 matches found
CVE-2026-44375 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...
CVE-2026-44375 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...
Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...
GHSA-2CWQ-PWFR-WCW3 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reader to allocate an attacker-controlled number of bytes on the stack. This can trigger a...
Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1617)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1617 advisory. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, a...
tinyobjloader 安全漏洞
tinyobjloader is an application developed by Dan Kiyochi. There is a security vulnerability in tinyobjloader, which stems from the experimental/tinyobjloaderopt.h file containing a stack overflow issue, potentially leading to denial-of-service attacks...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
EUVD-2017-8748
Malware in sbrugna...
EUVD-2025-10263
Malicious code in bioql PyPI...
EUVD-2022-6839
Malicious code in bioql PyPI...
EUVD-2022-1319
Malicious code in bioql PyPI...
EUVD-2024-1914
Malicious code in bioql PyPI...
EUVD-2025-28482
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.12 security update
A new security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This upda...
VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json
CVE-2024-21907 addresses a mishandling of exceptional conditions vulnerability in Newtonsoft.Json before version 13.0.1. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the...
Alibaba Cloud Linux 3 : 0144: pki-deps:10.6 (ALINUX3-SA-2025:0144)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0144 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-52999: jackson-core contains core low-leve...
RHEL 8 : pki-deps:10.6 (RHSA-2025:14116)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14116 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes:...
RHEL 8 : pki-deps:10.6 (RHSA-2025:14117)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14117 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes:...
CVE-2025-8822
CVE-2025-8822 affects Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. The vulnerable component is the function algDisable in the file /goform/setOpMode . Manipulating the argument opMode triggers a stack-based buffer overflow , enabling a remote exploit. The exploit has ...
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...