Lucene search
K

226 matches found

OSV
OSV
added 2025/02/21 2:13 p.m.11 views

SUSE-SU-2025:0635-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: Upgrade to 16.8: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...

8.1CVSS8.1AI score0.89472EPSS
Exploits10References3
OSV
OSV
added 2025/02/21 2:12 p.m.5 views

SUSE-SU-2025:0634-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: Upgrade to 15.12: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...

8.1CVSS8.1AI score0.89472EPSS
Exploits10References3
RedHat Linux
RedHat Linux
added 2025/02/19 10:31 a.m.4 views

curl: libcurl: ASN.1 date parser overread

A flaw was found in libcurl, where libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the time fraction, leading to a strlen performed on a pointer to a heap...

6.5CVSS7.1AI score0.16212EPSS
Exploits1References5
OSV
OSV
added 2025/01/21 12:1 p.m.8 views

CVE-2024-57930 tracing: Have process_string() also allow arrays

In the Linux kernel, the following vulnerability has been resolved: tracing: Have processstring also allow arrays In order to catch a common bug where a TRACEEVENT TPfastassign assigns an address of an allocated string to the ring buffer and then references it in TPprintk, which can be executed...

5.5CVSS6.2AI score0.00198EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/01/16 6:18 p.m.12 views

CVE-2025-20630 Mobile crash via object that can't be cast to String in Attachment Field

Mattermost Mobile versions =2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel...

6.5CVSS0.0059EPSS
Exploits0References1
Veracode
Veracode
added 2024/11/21 8:50 a.m.12 views

Case Insensitive Input Validation

org.springframework, spring-context is vulnerable to Case Insensitive Input Validation. The vulnerability is due to improper handling of case insensitivity in String.toLowerCase, where the fix for making disallowedFields patterns case insensitive inadvertently introduced a risk. This behavior...

5.3CVSS5.5AI score0.00631EPSS
Exploits1References6Affected Software2
OSV
OSV
added 2024/09/08 12:0 p.m.3 views

RUSTSEC-2024-0404 Unsoundness in anstream

When given a valid UTF8 string "ö\x1b😀", the function in crates/anstream/src/adapter/strip.rs will be confused. The UTF8 bytes are \xc3\xb6 then \x1b then \xf0\x9f\x98\x80. When looping over "non-printable bytes" \x1b\xf0 will be considered as some non-printable sequence. This will produce a brok...

7.2AI score
Exploits0References3
OSV
OSV
added 2024/07/26 12:33 p.m.34 views

RLSA-2024:4623 Important: qt5-qtbase security update

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qtbase: qtbase: Delay any communication until encrypted can be responded to CVE-2024-39936 For more details about the security issues,...

7.5CVSS7.5AI score0.00494EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/07/19 10:35 a.m.25 views

Important: Red Hat Security Advisory: qt5-qtbase security update

An update for qt5-qtbase is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.6CVSS7.3AI score0.00494EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/07/18 1:57 p.m.34 views

Important: Red Hat Security Advisory: qt5-qtbase security update

An update for qt5-qtbase is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

8.6CVSS7.3AI score0.00494EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/07/18 12:0 a.m.14 views

RHEL 8 : qt5-qtbase (RHSA-2024:4621)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4621 advisory. Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security...

8.6CVSS7.8AI score0.00494EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/06/07 12:0 a.m.8 views

Fedora: Security Advisory for qt6-qtbase (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS10AI score0.0097EPSS
Exploits0References2
OSV
OSV
added 2024/05/30 12:17 p.m.9 views

SUSE-SU-2024:1862-1 Security update for python

This update for python fixes the following issues: - CVE-2023-52425: Fixed using the system libexpat bsc1219559. - CVE-2023-27043: Modifed fix for unicode string handling in email.utils.parseaddr bsc1222537. - CVE-2022-48560: Fixed use-after-free in Python via heappushpop in heapq bsc1214675. -...

7.5CVSS6.7AI score0.02527EPSS
Exploits3References11
Hacker One
Hacker One
added 2024/05/16 7:4 p.m.108 views

U.S. Dept Of Defense: Out-Of-Bounds Memory Read on ███

Vulnerability description not provided...

9.4CVSS8.4AI score0.99999EPSS
Exploits15
NVD
NVD
added 2024/05/03 3:15 a.m.19 views

CVE-2023-40472

PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the targ...

7.8CVSS8AI score0.0034EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 2:11 a.m.48 views

CVE-2023-40472

CVE-2023-40472 affects PDF-XChange Editor. The vulnerability is an untrusted pointer dereference caused by improper validation of a user-supplied string before it is dereferenced, enabling Remote Code Execution in the context of the current process. Exploitation requires user interaction (target ...

7.8CVSS8AI score0.0034EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2024/05/03 2:11 a.m.16 views

CVE-2023-40472 PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability

PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the targ...

7.8CVSS7.4AI score0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/03 2:11 a.m.21 views

CVE-2023-40472 PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability

PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the targ...

7.8CVSS8.2AI score0.0034EPSS
Exploits0References1
OSV
OSV
added 2024/02/23 3:15 p.m.5 views

DEBIAN-CVE-2023-52464

In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat: drivers/edac/thunderxedac.c: In function 'thunderxocxcomthreadedisr':...

7.8CVSS5.6AI score0.00266EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/02/18 12:0 a.m.20 views

Fedora: Security Advisory (FEDORA-2024-d9be3edddb)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.2CVSS9.6AI score0.00321EPSS
Exploits0References3
Rows per page
Query Builder