20133 matches found
OESA-2025-2829 golang security update
. Security Fixes: Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a...
OESA-2025-2827 golang security update
. Security Fixes: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses...
Denial Of Service (DoS)
OpenSearch is vulnerable to Denial Of Service DoS. The vulnerability is due to the handling of overly complex querystring inputs, which allows an attacker to submit specially crafted queries that exhaust system resources and trigger a DoS condition...
AZL-72374 CVE-2025-67725 affecting package python-tornado 6.3.3-11
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...
CVE-2025-67725
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...
EUVD-2025-203031
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...
Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
...
AZL-72299 CVE-2025-14512 affecting package glib for versions less than 2.71.0-9
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...
CVE-2025-14512
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...
UBUNTU-CVE-2025-14512
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...
CVE-2025-14512
CVE-2025-14512 affects GLib2 (glib2) in IBM Netezza Appliance. The IBM security bulletin confirms a vulnerability in GLib’s GIO escape_byte_string() that can cause a heap-based buffer overflow leading to DoS when processing certain file or remote filesystem attribute values. Remediation: upgrade ...
CVE-2025-14512
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...
CVE-2025-14512
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...
CVE-2025-14512 Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...
CVE-2025-14512 Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...
CVE-2025-14512
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...
CVE-2025-14512
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values. Mitigation Mitigation for this issue is eith...
CVE-2025-61729
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...
Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2024-50397)
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability i...
Linux Distros Unpatched Vulnerability : CVE-2025-14512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output...