31 matches found
EUVD-2022-44092
Malicious code in bioql PyPI...
EUVD-2022-44087
Malicious code in bioql PyPI...
EUVD-2023-36261
Malicious code in bioql PyPI...
EUVD-2022-44084
Malicious code in bioql PyPI...
EUVD-2023-43551
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-45767
jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication...
CVE-2022-40833
B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orwherein function. Note: Multiple third parties have disputed this as not a valid vulnerability...
AZL-59745 CVE-2025-29481 affecting package bcc for versions less than 0.29.1-3
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpfobjectinitprog function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under...
Linux Distros Unpatched Vulnerability : CVE-2018-10021
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drivers/scsi/libsas/sasscsihost.c in the Linux kernel before 4.16 allows local users to cause a denial of service ata qc leak by triggering certain failure...
CVE-2023-52070
JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedleint index, int type' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have bee...
CVE-2022-36648
The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...
CVE-2023-31082
An issue was discovered in drivers/tty/ngsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmldwrite, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability...
SUSE CVE-2022-33124
AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service DoS. NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the...
CVE-2022-29379
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njsdefaultmoduleloader at /src/njs/src/njsmodule.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release...
CVE-2022-25515
stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
CVE-2022-25514
stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
Heap overflow
DISPUTED stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
CVE-2022-25514
stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
Heap overflow
DISPUTED stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...
CVE-2021-3349
GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the bes...