Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions...
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Plausible tracking allows Cross-Site Scripting (XSS).This issue affects Plausible tracking: from 0.0.0 before 1.0.2. More information : https://www.drupal.org/sa-contrib-2025-107
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS).This issue affects JSON Field: from 0.0.0 before 1.5. More information : https://www.drupal.org/sa-contrib-2025-106
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption. More information : https://go.dev/cl/709859
The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption. More information : https://go.dev/cl/709860
On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes) More information : https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124
Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO More information : https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause...
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. More information : https://go.dev/cl/709856
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as “a=;”, an...
Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains....
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains. More...
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. More information : https://go.dev/cl/707776
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. More information : https://go.dev/cl/709858