Lucene search
+L

10 matches found

Vulnrichment
Vulnrichment
added 2026/03/06 8:42 p.m.4 views

CVE-2026-29795 stellar-xdr: `StringM::from_str` bypasses max length validation

stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::fromstr does not validate that the input length is within the declared maximum MAX. Calling StringM::::fromstrs where s is longer than N bytes succeeds and returns a...

4CVSS5.8AI score0.00193EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.7 views

Atlassian Jira Service Management Data Center and Server 10.3.x < 10.3.16 (JSDSERVER-16491)

"The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16491 advisory. - Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs:...

6.3CVSS6.5AI score0.0041EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2026/01/14 12:0 a.m.2 views

The vulnerability of the qs.parse() function in the string query analysis and conversion library allows a attacker to cause a service failure.

The vulnerability of the qs.parse function in the string query analysis and transformation library is related to memory exhaustion caused by insufficient checking of constraints for indexed records. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

7.8CVSS6.8AI score0.0041EPSS
Exploits1References4Affected Software2
SUSE Linux
SUSE Linux
added 2026/01/05 10:52 a.m.9 views

Security update for glib2

This update for glib2 fixes the following issues: CVE-2025-14512: integer overflow in the GIO escapebytestring function when processing malicious files or remote filesystem attribute values can lead to denial-of-service bsc1254878. CVE-2025-14087: buffer underflow in the GVariant parser...

7.7CVSS7.7AI score0.00767EPSS
Exploits1References12
Amazon
Amazon
added 2026/01/05 12:0 a.m.6 views

Important: glib2

Issue Overview: Buffer underflow on Glib through glib/gvariant via bytestringparse or stringparse leads to OOB Write. CVE-2025-14087 Affected Packages: glib2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

9.8CVSS7AI score0.00767EPSS
Exploits0
NVD
NVD
added 2025/12/29 11:15 p.m.6 views

CVE-2025-15284

Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation a=1&a=2, only for indexed notation a0=1. This is a consistency bug; arrayLimit should apply uniformly across a...

6.3CVSS0.0041EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/05 12:0 a.m.2 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the bytestringparse and stringparse functions on the gvariant-parser.c file. An attacker can cause memory corruption and potentially execute arbitrary code or crash the application by supplying specially...

9.8CVSS7.5AI score0.00767EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-38471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compact...

7.8CVSS5.5AI score0.00152EPSS
Exploits0References3
Gentoo Linux
Gentoo Linux
added 2009/03/06 12:0 a.m.33 views

Audacity: User-assisted execution of arbitrary code

Background Audacity is a free cross-platform audio editor. Description Houssamix discovered a boundary error in the Stringparse::getnonspacequoted function in lib-src/allegro/strparse.cpp. Impact A remote attacker could entice a user into importing a specially crafted .gro file, resulting in the...

9.3CVSS4.6AI score0.16625EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2009/02/10 1:30 a.m.17 views

CVE-2009-0490

Stack-based buffer overflow in the Stringparse::getnonspacequoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a .gro file containing a long string...

9.3CVSS6.4AI score0.16625EPSS
Exploits0References1
Rows per page
Query Builder