226 matches found
SUSE-SU-2025:0635-1 Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgrade to 16.8: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...
SUSE-SU-2025:0634-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgrade to 15.12: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...
curl: libcurl: ASN.1 date parser overread
A flaw was found in libcurl, where libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the time fraction, leading to a strlen performed on a pointer to a heap...
CVE-2024-57930 tracing: Have process_string() also allow arrays
In the Linux kernel, the following vulnerability has been resolved: tracing: Have processstring also allow arrays In order to catch a common bug where a TRACEEVENT TPfastassign assigns an address of an allocated string to the ring buffer and then references it in TPprintk, which can be executed...
CVE-2025-20630 Mobile crash via object that can't be cast to String in Attachment Field
Mattermost Mobile versions =2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel...
Case Insensitive Input Validation
org.springframework, spring-context is vulnerable to Case Insensitive Input Validation. The vulnerability is due to improper handling of case insensitivity in String.toLowerCase, where the fix for making disallowedFields patterns case insensitive inadvertently introduced a risk. This behavior...
RUSTSEC-2024-0404 Unsoundness in anstream
When given a valid UTF8 string "ö\x1b😀", the function in crates/anstream/src/adapter/strip.rs will be confused. The UTF8 bytes are \xc3\xb6 then \x1b then \xf0\x9f\x98\x80. When looping over "non-printable bytes" \x1b\xf0 will be considered as some non-printable sequence. This will produce a brok...
RLSA-2024:4623 Important: qt5-qtbase security update
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qtbase: qtbase: Delay any communication until encrypted can be responded to CVE-2024-39936 For more details about the security issues,...
Important: Red Hat Security Advisory: qt5-qtbase security update
An update for qt5-qtbase is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Important: Red Hat Security Advisory: qt5-qtbase security update
An update for qt5-qtbase is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
RHEL 8 : qt5-qtbase (RHSA-2024:4621)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4621 advisory. Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security...
Fedora: Security Advisory for qt6-qtbase (FEDORA-2024-bfb8617ba3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:1862-1 Security update for python
This update for python fixes the following issues: - CVE-2023-52425: Fixed using the system libexpat bsc1219559. - CVE-2023-27043: Modifed fix for unicode string handling in email.utils.parseaddr bsc1222537. - CVE-2022-48560: Fixed use-after-free in Python via heappushpop in heapq bsc1214675. -...
U.S. Dept Of Defense: Out-Of-Bounds Memory Read on ███
Vulnerability description not provided...
CVE-2023-40472
PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the targ...
CVE-2023-40472
CVE-2023-40472 affects PDF-XChange Editor. The vulnerability is an untrusted pointer dereference caused by improper validation of a user-supplied string before it is dereferenced, enabling Remote Code Execution in the context of the current process. Exploitation requires user interaction (target ...
CVE-2023-40472 PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability
PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the targ...
CVE-2023-40472 PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability
PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the targ...
DEBIAN-CVE-2023-52464
In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat: drivers/edac/thunderxedac.c: In function 'thunderxocxcomthreadedisr':...
Fedora: Security Advisory (FEDORA-2024-d9be3edddb)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...