41 matches found
CVE-2025-59605
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
EUVD-2025-210020
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
MiracleLinux 8 : openssl-1.1.1k-5.el8 (AXSA:2021-2837:06)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2837:06 advisory. openssl: Read buffer overruns processing ASN.1 strings CVE-2021-3712 Tenable has extracted the preceding description block directly from the MiracleLinux...
MGASA-2025-0326 Updated golang packages fix security vulnerabilities
Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509. CVE-2025-61727 Excessive resource consumption when printing error string for host certificate validation in crypto/x509. CVE-2025-61729...
EUVD-2021-1960
Malware in sbrugna...
EUVD-2008-3132
Malware in sbrugna...
EUVD-2023-34841
Malicious code in bioql PyPI...
CVE-2025-26699
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings...
CVE-2024-56828
CVE-2024-56828 affects ChestnutCMS up to 1.5.0. The /api/member/avatar endpoint accepts a base64 data URL, decodes the payload via the service’s uploadAvatarByBase64, and derives a file suffix from the encoded content (substring from the 11th character to the first semicolon). The decoded data is...
CVE-2024-56828
File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the...
DrayTek Vigor 3910 Security Vulnerability
The DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3910 version 4.3.2.6 and prior versions, which is caused by a stack-based overflow when processing query string parameters...
Denial Of Service (DoS)
Django is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient string processing within the intcomma template filter when a long string is parsed. This issue can be exploited by an attacker to cause DoS...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928)
Summary Db2 Web Query uses the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. Db2 Web Query has addressed the vulnerability with a fix a...
Security Bulletin: IBM Navigator for i and IBM Digital Certificate Manager for i are vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928).
Summary IBM Navigator for i and IBM Digital Certificate Manager for i use the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM Navigat...
K5794: Security Advisory: Perl integer sign error in format string processing - CVE-2005-3962
Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to K4602:...
GHSA-38FC-WPQX-33J7 Uncontrolled Resource Consumption in trim-off-newlines
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing...
Uncontrolled Resource Consumption in trim-off-newlines
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing...
CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte...
OpenSSL -- multiple vulnerabilities
The OpenSSL project reports: SM2 Decryption Buffer Overflow CVE-2021-3711: High Read buffer overruns processing ASN.1 strings CVE-2021-3712: Moderate...
CVE-2021-23425
A flaw was found in nodejs-trim-off-newlines. All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. The highest threat from this vulnerability is to system availability...