5 matches found
CVE-2025-22868
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
CVE-2023-43789
A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system...
CVE-2022-41721
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...
CVE-2022-29583
servicewindows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by its original reporter or by others...
CVE-2020-28851
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. x/text/language is supposed to be able to parse an HTTP Accept-Language header...