11 matches found
CVE-2026-50643
8cc is vulnerable to an Out‑of‑Bounds Read due to improper handling of line directives and GNU linemarkers. The compiler accepts attacker-controlled filename and line number metadata and later uses it without validation when accessing source line arrays. By supplying invalid or oversized line...
CVE-2026-40027 ALEAPP NQ Vault Artifact Parser Path Traversal
ALEAPP Android Logs Events And Protobuf Parser through 3.4.0 contains a path traversal vulnerability in the NQVault.py artifact parser that uses attacker-controlled filenamefrom values from a database directly as the output filename, allowing arbitrary file writes outside the report output...
ALPINE-CVE-2021-43300
Stack overflow in PJSUA API when calling pjsuarecordercreate. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation...
ALPINE-CVE-2021-43299
Stack overflow in PJSUA API when calling pjsuaplayercreate. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation...
DEBIAN-CVE-2021-43299
Stack overflow in PJSUA API when calling pjsuaplayercreate. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation...
CVE-2021-43299
Stack overflow in PJSUA API when calling pjsuaplayercreate. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation...
UBUNTU-CVE-2021-43302
Read out-of-bounds in PJSUA API when calling pjsuarecordercreate. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters...
CVE-2021-43302
Read out-of-bounds in PJSUA API when calling pjsuarecordercreate. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters...
CVE-2021-43299
Stack overflow in PJSUA API when calling pjsuaplayercreate. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation...
GO-2021-0108 CRLF vulnerability in Fiber in github.com/gofiber/fiber
Due to improper input sanitization, a maliciously constructed filename could cause a file download to use an attacker controlled filename, as well as injecting additional headers into an HTTP response...
GHSA-FMF5-J5J9-99PP OS Command Injection in pulverizr
pulverizr through 0.7.0 allows execution of arbitrary commands. Within lib/job.js, the variable filename can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...