10 matches found
CVE-2026-29795 stellar-xdr: `StringM::from_str` bypasses max length validation
stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::fromstr does not validate that the input length is within the declared maximum MAX. Calling StringM::::fromstrs where s is longer than N bytes succeeds and returns a...
Atlassian Jira Service Management Data Center and Server 10.3.x < 10.3.16 (JSDSERVER-16491)
"The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16491 advisory. - Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs:...
The vulnerability of the qs.parse() function in the string query analysis and conversion library allows a attacker to cause a service failure.
The vulnerability of the qs.parse function in the string query analysis and transformation library is related to memory exhaustion caused by insufficient checking of constraints for indexed records. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
Security update for glib2
This update for glib2 fixes the following issues: CVE-2025-14512: integer overflow in the GIO escapebytestring function when processing malicious files or remote filesystem attribute values can lead to denial-of-service bsc1254878. CVE-2025-14087: buffer underflow in the GVariant parser...
Important: glib2
Issue Overview: Buffer underflow on Glib through glib/gvariant via bytestringparse or stringparse leads to OOB Write. CVE-2025-14087 Affected Packages: glib2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...
CVE-2025-15284
Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the bytestringparse and stringparse functions on the gvariant-parser.c file. An attacker can cause memory corruption and potentially execute arbitrary code or crash the application by supplying specially...
Linux Distros Unpatched Vulnerability : CVE-2025-38471
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compact...
Audacity: User-assisted execution of arbitrary code
Background Audacity is a free cross-platform audio editor. Description Houssamix discovered a boundary error in the Stringparse::getnonspacequoted function in lib-src/allegro/strparse.cpp. Impact A remote attacker could entice a user into importing a specially crafted .gro file, resulting in the...
CVE-2009-0490
Stack-based buffer overflow in the Stringparse::getnonspacequoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a .gro file containing a long string...