Search CVE reports
401 – 410 of 43971 results
U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function (net/tcp.c) that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet...
2 affected packages
u-boot, u-boot-nezha
| Package | 22.04 LTS |
|---|---|
| u-boot | Needs evaluation |
| u-boot-nezha | Needs evaluation |
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine() (net/tcp.c) when CONFIG_PROT_TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious...
2 affected packages
u-boot, u-boot-nezha
| Package | 22.04 LTS |
|---|---|
| u-boot | Needs evaluation |
| u-boot-nezha | Needs evaluation |
Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly,...
1 affected package
node-immutable
| Package | 22.04 LTS |
|---|---|
| node-immutable | Needs evaluation |
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open...
1 affected package
node-tar
| Package | 22.04 LTS |
|---|---|
| node-tar | Needs evaluation |
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while...
1 affected package
node-tar
| Package | 22.04 LTS |
|---|---|
| node-tar | Needs evaluation |
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as...
1 affected package
node-tar
| Package | 22.04 LTS |
|---|---|
| node-tar | Needs evaluation |
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such...
1 affected package
node-tar
| Package | 22.04 LTS |
|---|---|
| node-tar | Needs evaluation |
js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on every insertion,...
1 affected package
node-js-yaml
| Package | 22.04 LTS |
|---|---|
| node-js-yaml | Needs evaluation |
js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys...
1 affected package
node-js-yaml
| Package | 22.04 LTS |
|---|---|
| node-js-yaml | Needs evaluation |
js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys...
1 affected package
node-js-yaml
| Package | 22.04 LTS |
|---|---|
| node-js-yaml | Needs evaluation |