27 matches found
Relative Path Traversal
Overview org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale. Affected versions of this package are vulnerable to Relative Path Traversal via t...
Deserialization of Untrusted Data
Overview symfony/monolog-bridge is a Provides integration for Monolog with various Symfony components Affected versions of this package are vulnerable to Deserialization of Untrusted Data via deserialization of network input in Symfony\Bridge\Monolog\Command\ServerLogCommand. An attacker can...
Buffer Overflow
CodeChecker is vulnerable to Buffer Overflow. The vulnerability is due to unsafe handling of input when executing the CodeChecker log command, and attackers can exploit this by supplying crafted log data to cause memory corruption and potentially achieve code execution...
CVE-2025-40843
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects...
CVE-2025-40843
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects...
CVE-2025-40843
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects...
PYSEC-2025-100
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects...
EUVD-2025-30823
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects...
CVE-2025-40843 Buffer overflow in CodeChecker log command
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects...
CVE-2025-40843 Buffer overflow in CodeChecker log command
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects...
EUVD-2024-0404
Malicious code in bioql PyPI...
CVE-2025-59433 @conventional-changelog/git-client has an Argument Injection vulnerability
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...
CodeChecker has a buffer overflow in the log command
Summary CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. Details Unsafe usage of strcpy function in the internal ldlogger library allows attackers to trigger a buffer overflow by supplying...
GHSA-5XF2-F6CH-6P8R CodeChecker has a buffer overflow in the log command
Summary CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. Details Unsafe usage of strcpy function in the internal ldlogger library allows attackers to trigger a buffer overflow by supplying...
PT-2025-39096
Name of the Vulnerable Software and Affected Versions CodeChecker versions through 6.26.1 Description CodeChecker versions up to 6.26.1 contain a buffer overflow in the internal ldlogger library, triggered when executing the CodeChecker log command. The issue stems from the unsafe use of the strc...
CVE-2024-23904
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...
Arbitrary file read vulnerability in Jenkins Log Command Plugin
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...
GHSA-QJPF-2JHX-3758 Arbitrary file read vulnerability in Jenkins Log Command Plugin
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...
CVE-2024-23904
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...
Double free
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...