CVE-2026-43989

CVE-2026-43989 affects JunoClaw: prior to 0.x.y-security-1, the upload_wasm MCP tool could accept a filesystem path from the agent and upload whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. The issue is fixed in 0.x.y-security-1. Fro...

JLSEC-2026-31

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...

EUVD-2021-1734

Malware in sbrugna...

EUVD-2018-0140

Malware in sbrugna...

SUSE SLES15 / openSUSE 15 Security Update : nginx (SUSE-SU-2025:03444-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03444-1 advisory. - CVE-2025-53859:?the server side may leak arbitrary bytes during the NGINX SMTP authentication process bsc1248070. ...

CVE-2024-10977

CVE-2024-10977 affects PostgreSQL libpq by allowing a server to send an error message that, when the client is not trusting SSL/GSS settings, can reveal arbitrary non-NUL bytes to the client (e.g., psql). Affected products/versions include PostgreSQL before the fixed point: 17.1 and older branche...

CVE-2024-10977

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

CentOS 7 : postgresql (RHSA-2021:2397)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2397 advisory. - A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values,...

SUSE SLES15 / openSUSE 15 Security Update : postgresql12 (SUSE-SU-2023:4454-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4454-1 advisory. - PostgreSQL Project reports: Certain aggregate function calls receiving unknown-type arguments could disclose bytes ...

CVE-2023-5869

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

impl `FromMdbValue` for bool is unsound

The implementation of FromMdbValue has several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...

GHSA-F9G6-FP84-FV92 impl `FromMdbValue` for bool is unsound

The implementation of FromMdbValue has several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...

RUSTSEC-2023-0047 impl `FromMdbValue` for bool is unsound

The implementation of FromMdbValue have several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...

IPFS Boxo 安全漏洞

IPFS Boxo is a library for building IPFS applications and implementations from IPFS, Inc. A security vulnerability exists in Boxo version 0.4.0, 0.5.0. An attacker exploiting this vulnerability is able to allocate arbitrarily many bytes in a Bitswap server...

CVE-2021-32028

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality...

CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

Vulnerability in core server (CVE-2021-3677)

Memory disclosure in certain queries A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

Out-of-bounds

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...

CVE-2021-32027

A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...

Design/Logic Flaw

An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness...