Lucene search

54 matches found

OSV
added 2023/04/20 9:15 a.m. | 3 views

CVE-2023-0383

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption...

CVSS 7.5 | AI score 5.8 | EPSS 0.00852
Exploits 0 | References 3

OSV
added 2023/02/20 12:0 a.m. | 3 views

UBUNTU-CVE-2023-0616

If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this...

CVSS 6.5 | AI score 5.8 | EPSS 0.0049
Exploits 0 | References 4

OSV
added 2022/12/26 6:15 a.m. | 6 views

AZL-44622 CVE-2021-38561 affecting package podman for versions less than 5.6.1-2

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...

CVSS 7.5 | AI score 7.1 | EPSS 0.01356
Exploits 0 | References 1

OSV
added 2022/10/17 4:15 p.m. | 9 views

AZL-11222 CVE-2022-3165 affecting package qemu for versions less than 6.2.0-15

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...

CVSS 6.5 | AI score 6.8 | EPSS 0.0114
Exploits 0 | References 1

OSV
added 2022/10/14 3:15 p.m. | 7 views

AZL-45108 CVE-2022-32149 affecting package buildah for versions less than 1.41.4-2

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

CVSS 7.5 | AI score 6.7 | EPSS 0.01428
Exploits 0 | References 1

RedHat Linux
added 2022/04/11 2:18 p.m. | 2 views

Mozilla: Denial of Service via complex regular expressions

regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those tunable mitigations already provide sane defaults to preven...

CVSS 7.5 | AI score 7 | EPSS 0.1446
Exploits 1 | References 4

OSV
added 2022/02/18 6:15 p.m. | 6 views

AZL-36996 CVE-2020-25722 affecting package samba for versions less than 4.18.3-1

Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise...

CVSS 8.8 | AI score 6.9 | EPSS 0.01581
Exploits 0 | References 1

CNNVD
added 2021/12/27 12:0 a.m. | 4 views

Rust messagepack-rs crate security vulnerability

messagepack-rs is a pure Rust MessagePack implementation. A security vulnerability exists in the Rust messagepack-rs crate in versions prior to 2021-01-26, which stems from the fact that deserialize_string_primitive can read data from uninitialized memory locations...

CVSS 9.8 | AI score 8.2 | EPSS 0.01191
Exploits 0 | References 3

Positive Technologies
added 2021/06/14 12:0 a.m. | 8 views

PT-2021-15892 · Betterlinks · Simple 301 Redirects

Name of the Vulnerable Software and Affected Versions: Simple 301 Redirects by BetterLinks WordPress plugin versions prior to 2.0.4 Description: The issue is related to a lack of capability checks and insufficient nonce check on the AJAX action "simple301redirects/admin/activate plugin". This mad...

CVSS 8.8 | AI score 8.4 | EPSS 0.02997
Exploits 3 | References 6

vulnersOsv
added 2020/12/08 9:42 p.m. | 3 views

6brain (>=0.0.1 <=0.0.2), 6sense (>=0.0.1 <=1.0.4) +648 more potentially affected by CVE-2020-26256 via fast-csv (>=0.0.0 <=4.3.5)

fast-csv NPM version =0.0.0, =0.0.1, =0.0.1, =0.0.42, =3.8.0, =0.0.23, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.0, =0.0.3, =0.1.10 and more Source cves: CVE-2020-26256 Source advisory: OSV:GHSA-8CV5-P934-3HWP...

CVSS 6.5 | AI score 6.5 | EPSS 0.01531
Exploits 1

RedHat Linux
added 2020/10/13 8:22 a.m. | 4 views

chromium-browser: Integer overflow in SwiftShader

Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 7.5 | EPSS 0.01361
Exploits 0 | References 5

RedHat Linux
added 2020/02/25 3:32 p.m. | 3 views

netty: HTTP request smuggling

An HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Dat...

CVSS 9.1 | AI score 7.1 | EPSS 0.08678
Exploits 1 | References 5

OSV
added 2019/04/20 12:29 a.m. | 6 views

AZL-38200 CVE-2019-11358 affecting package orangefs for versions less than 2.9.7-7

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...

CVSS 6.1 | AI score 6.7 | EPSS 0.87218
Exploits 4 | References 1

OSV
added 2018/10/31 8:29 p.m. | 6 views

AZL-38872 CVE-2018-14661 affecting package glusterfs for versions less than 5.1-1

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

CVSS 6.5 | AI score 7 | EPSS 0.02655
Exploits 0 | References 1