14 matches found
TinyEnv: Inline comments not stripped properly in .env values
Impact TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text. Applications depending on strict environment values may expose logic errors, insecure...
GHSA-3J7M-5G4Q-GFPC TinyEnv: Missing .env file not required — may cause unexpected behavior
Impact TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. Affected versions: - 1.0.1 → 1.0.2 ...
TinyEnv: Missing .env file not required — may cause unexpected behavior
Impact TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. Affected versions: - 1.0.1 → 1.0.2 ...
CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...
CVE-2025-58758 TinyEnv: Missing .env file not required — may cause unexpected behavior
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration,...
PT-2025-36952
Name of the Vulnerable Software and Affected Versions: TinyEnv versions 1.0.1 through 1.0.2 TinyEnv versions 1.0.9 through 1.0.10 Description: TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently...
PT-2023-1848 · Libde265 +4 · Libde265 +4
Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.10 Description: The issue is related to a NULL pointer dereference in the ff hevc put weighted pred avg 8 sse function at sse-motion.cc. This allows attackers to cause a Denial of Service DoS via a crafted input file. The...
PT-2023-1852 · Libde265 +4 · Libde265 +4
Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.10 Description: The issue is related to a NULL pointer dereference in the put weighted pred 8 fallback function at fallback-motion.cc. This allows attackers to cause a Denial of Service DoS via a crafted input file...
PT-2023-1846 · Libde265 +4 · Libde265 +4
Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.10 Description: The issue is related to a NULL pointer dereference in the mc chroma function at motion.cc in the libde265 video codec implementation. This allows an attacker to cause a Denial of Service DoS via a crafted...
PT-2022-7259 · Libde265 +3 · Libde265 +3
Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.8 Description: The issue is related to the ff hevc put hevc qpel v 3 8 sse function in the Libde265 video codec implementation, which is associated with a buffer overflow in memory. This allows attackers to cause a Denial...
PT-2022-7252 · Libde265 +3 · Libde265 +3
Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.8 Description: The issue is related to a heap-buffer-overflow vulnerability via the ff hevc put hevc qpel h 2 v 1 sse function in sse-motion.cc. This allows attackers to cause a Denial of Service DoS via a crafted video...
PT-2022-7260 · Libde265 +3 · Libde265 +3
Name of the Vulnerable Software and Affected Versions: Libde265 versions 1.0.8 Description: The issue is related to a heap-buffer-overflow in the ff hevc put hevc epel pixels 8 sse function, which can be exploited by attackers to cause a Denial of Service DoS via a crafted video file. This...
PT-2022-7270 · Libde265 +3 · Libde265 +3
Name of the Vulnerable Software and Affected Versions: Libde265 version 1.0.8 Description: The issue is related to a heap-buffer-overflow vulnerability via the put epel hv fallback function in fallback-motion.cc. This allows attackers to cause a Denial of Service DoS via a crafted video file. The...
PT-2022-6473 · Libde265 +3 · Libde265 +3
Name of the Vulnerable Software and Affected Versions: libde265 versions 1.0.8 Description: An issue was discovered in libde265, where there is a Heap-use-after-free in intrapred.h when decoding a file using dec265. This could allow a remote attacker to cause a denial of service. Recommendations:...