UBUNTU-CVE-2023-24021

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILESTMPCONTENT collection...

AZL-13029 CVE-2022-41721 affecting package opa for versions less than 0.50.2-5

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...

CVE-2017-16314

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

CVE-2017-16310

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

PT-2023-10566 · Insteon · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel. Specially crafted commands sent through the PubNub service can cause a stack-based buffer...

CVE-2021-26404

Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure...

DEBIAN-CVE-2022-47661

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via mediatools/avparsers.c:4988 in gfmedianaluaddemulationbytes...

UBUNTU-CVE-2022-47661

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via mediatools/avparsers.c:4988 in gfmedianaluaddemulationbytes...

go-ipld-prime/codec/json may panic if asked to encode bytes

go-ipld-prime is a series of Go interfaces for manipulating IPLD data and a Go module that contains the go-ipld-prime/codec/json codec. Impact Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON encoder which will panic as it doesn't expect to receive Bytes tokens...

GHSA-C653-6HHG-9X92 go-ipld-prime/codec/json may panic if asked to encode bytes

go-ipld-prime is a series of Go interfaces for manipulating IPLD data and a Go module that contains the go-ipld-prime/codec/json codec. Impact Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON encoder which will panic as it doesn't expect to receive Bytes tokens...

CVE-2022-47661

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via mediatools/avparsers.c:4988 in gfmedianaluaddemulationbytes...

GPAC MP4Box 缓冲区错误漏洞

GPAC MP4Box is multimedia packager. It is mainly used to work with ISOBMF files e.g. MP4, 3GP but can also be used to import/export media from container files such as AVI, MPG, MKV, MPEG-2 TS. A security vulnerability exists in GPAC MP4Box version 2.1-DEV-rev649-ga8f438d20, which stems from a...

CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...

CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...

go-ipld-prime 输入验证错误漏洞

go-ipld-prime is an IPLD open source implementation of the ipld specification interface. A input validation error vulnerability exists in go-ipld-prime, which stems from the fact that its encoded data containing Bytes class nodes will pass a Bytes token to the JSON encoder, since it does not expe...

PT-2023-18513 · Unknown · Go-Ipld-Prime

Name of the Vulnerable Software and Affected Versions: go-ipld-prime versions prior to 0.19.0 Description: The issue arises when encoding data that contains a Bytes kind Node using the json codec, causing the encoder to panic as it does not expect to receive Bytes tokens. This should be treated a...

CVE-2021-35953

fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows a Remote attacker to cause a Denial of Service device outage via crafted choices of the last three bytes of a characteristic value...

CVE-2021-45467

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of %00...

fastrack Reflex 安全漏洞

fastrack Reflex is a smart wearable device from fastrack, Inc. A security vulnerability exists in fastrack Reflex version 2.0 W307SREFLEXv90.89, which stems from an activity tracker that allows a remote attacker to cause a denial of service device outage by carefully selecting the last three byte...

PT-2022-10480 · Unknown · Fastrack Reflex 2.0

Name of the Vulnerable Software and Affected Versions: fastrack Reflex 2.0 W307S REFLEX v90.89 Activity Tracker Description: The issue allows a remote attacker to cause a Denial of Service, resulting in a device outage. This can be achieved via crafted choices of the last three bytes of a...