The package muhammara before 2.6.0 and the package hummus before 1.0.111 are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-25885
https://github.com/gal…
Impact
The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.
Patches
It has been patched in 3.1.1 and ha…
Impact
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter that would cause the program to crash and not finish the validation and thus a denial of service.
Patches
This issue is fixed in v1.4.4
Wo…
Prior to version 0.4.2, conduit-hyper did not check any limit on a request’s length before calling hyper::body::to_bytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a panic if memory allocati…
Impact
The Snowboard framework in affected versions is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader.
Patches
This issue has been patched in https://github.com/wintercms/winter/commit/2a13faf99972e84c966125…
Impact
What kind of vulnerability is it? Who is impacted?
We’d like to disclose an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in the current working directory. This vulnerability allows…
Apache IoTDB versions 0.12.2 through 0.12.6, and 0.13.0 through 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. This issue is patched in 0.13.3. Users should upgrade or use a later v…
In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and ma…
Impact
This impacts users that use shescape to escape arguments:
for the Unix shell Bash, or any not-officially-supported Unix shell;
using the escape or escapeAll functions with the interpolation option set to true.
An attacker can cause polynomial …
Description
In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source.
For …
