Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2026-1568)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1568 advisory. A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the...

CVE-2026-0810 Gix-date: gix-date: undefined behavior due to invalid string generation

A flaw was found in gix-date. The gixdate::parse::TimeBuf::asstr function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the TimeBuf component, leading to undefined behavior when these malformed strings are subsequently processed...

CLSA-2025-1767000167 php: Fix of CVE-2025-1735

CVE-2025-1735: add error checks to prevent crashes and improperly escaped data when PostgreSQL rejects invalid strings...

EUVD-2007-2718

Malware in sbrugna...

EUVD-2020-28199

Malware in sbrugna...

EUVD-2011-2702

Malware in sbrugna...

CVE-2020-27840

...

UBUNTU-CVE-2024-42236

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usbstringcopy Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form if str0 - 1 == '\n' followed...

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service ReDoS...

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service ReDoS...

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service ReDoS...

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service ReDoS...

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service ReDoS...

SUSE CVE-2019-1010238

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...

Memory corruption

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output...

USN-3407-1 pyjwt vulnerability

It was discovered that a vulnerability in PyJWT doesn't check invalidstrings properly for some public keys. A remote attacker could take advantage of a key confusion to craft JWTs from scratch...

PYSEC-2017-24

In PyJWT 1.5.0 and below the invalidstrings check in HMACAlgorithm.preparekey does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...

Key Confusion Attacks

PyJWT is vulnerable to asymmetric/symmetric key confusion attacks. PKCS1 PEM keys that begin with -----BEGIN RSA PUBLIC KEY----- will not be rejected by the invalidstrings check in HMACAlgorithm.preparekey. Using this flaw, attackers can cause symmetric/asymmetric confusion and create JWTs from...

Code injection

Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service application instability via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence...

CVE-2007-2722

Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service application instability via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence...