CVE-2026-24091 Improper Validation of Syntactic Correctness of Input in Display

Memory corruption while processing fastboot commands with improperly formatted input...

CVE-2026-24089 Improper Validation of Syntactic Correctness of Input in Kernel

Memory corruption while processing fastboot commands with invalid input...

Improper Validation of Syntactic Correctness of Input

Overview tomcat:tomcat-coyote is a discontinued coyote plugin for Tomcat. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the processing of HTTP/2 request headers. An attacker can cause unexpected behavior or potentially compromise the...

CLSA-2026-1770667352 openssl: Fix of 3 CVEs

CVE-2025-69418: fix OCB AES-NI/HW stream path leaving trailing bytes unauthenticated/unencrypted by advancing pointers after stream processing - CVE-2025-69420: fix missing ASN1TYPE validation in TSRESPverifyresponse for signing certificate attributes - CVE-2025-15468: add a NULL guard before...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Validation of Syntactic Correctness of Input in Golang (CVE-2025-22868)

Summary Golang is used by IBM Storage Ceph in Grafana. CVE-2025-22868 Vulnerability Details CVEID:CVE-2025-22868 DESCRIPTION: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CWE:CWE-1286: Improper Validation of Syntactic Correctness o...

CVE-2025-10954

The CVE-2025-10954 entry concerns the Go package github.com/nyaruka/phonenumbers prior to version 1.2.2, where the phonenumbers.Parse() function may panic due to improper validation of input syntax, causing a runtime slice bounds error. Affected component: phonenumbers.Parse() in the library; roo...

Improper Validation of Syntactic Correctness of Input

Overview torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the torch.Tensor.random function when a model is compiled with Inductor. An attacker can caus...

CVE-2025-25007

Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS routers of the MX Series and Junos OS routers of the PTX Series and ACX Series allows a attacker to cause service interruptions.

The vulnerability of the Packet Forwarding Engine PFE module in Juniper Networks’ Junos OS routers of the MX Series and Junos OS Evolved routers of the PTX Series and ACX Series is related to improper syntax validation during input verification. Exploiting this vulnerability can allow an attacker...

Juniper Networks Junos OS Security Vulnerability

Juniper Networks Junos OS is a Juniper Networks USA network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS has a security vulnerability that originates from the presence of an...

The vulnerability of the PAN-OS operating system, related to errors in syntax validation during input processing, allows attackers to trigger service failures.

The vulnerability of the PAN-OS operating system is related to errors in syntax validation during input processing. Exploiting this vulnerability allows a malicious actor to trigger a service failure using specially created Windows New Technology LAN Manager NTLM packets from Windows servers...

Juniper Networks Junos OS Security Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability in Juniper Networks Junos OS, which arises from an improper validation of the...

Improper Validation of Syntactic Correctness of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range". PoC go import "fmt"...

Cross-site Scripting via missing Binding syntax validation

Impact The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting XSS in the IdP contex...

CVE-2023-45683 Cross site scripting via missing binding syntax validation In ACS location in github.com/crewjam/saml

github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the...

The vulnerability of the intrusion prevention system (IDP) of the Junos OS, which allows a perpetrator to trigger a service failure

The vulnerability of the Junos OS intrusion prevention system is related to incorrect syntax validation during input processing. Exploiting this vulnerability allows a remote attacker to trigger a service failure...

The vulnerability of the Protobuf data serialization protocol, related to incorrect syntax validation during input processing, allows attackers to cause service failures.

The vulnerability of the Protobuf data serialization protocol is related to incorrect syntax validation during input processing. Exploiting this vulnerability allows an attacker to cause service failures remotely...

K75543432: PHP vulnerability CVE-2017-11628

Security Advisory Description In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications th...

Scientific Linux Security Update : openldap on SL7.x i686/x86_64 (2022:0621)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0621-1 advisory. - openldap: assertion failure in Certificate List syntax validation CVE-2020-25709 - openldap: assertion failure in CSN normalization with invali...

openldap security update

2.4.44-25 - Fix CVE-2020-25709 openldap: assertion failure in Certificate List syntax validation 2040539 - Fix CVE-2020-25710 openldap: assertion failure in CSN normalization with invalid input 2040538...