66 matches found
CVE-2021-38568
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format...
CVE-2021-43620
An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::fromptr on a pointer to the string buffer, the string ...
CVE-2013-0233
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...
CVE-2011-0227
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application...
CVE-2025-22044
CVE-2025-22044 relates to a Linux kernel vulnerability in the ACPI NFIT handling (acpi_nfit_ctl). The issue arises from a narrowing conversion of a user-supplied 64‑bit value (call_pkg->nd_family) to int after a zero-check, which could allow an invalid argument to pass when the lower 32 bits a...
CVE-2025-27835
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c...
CVE-2025-27933 Unauthorized Private-to-Public Channel Conversion
Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public...
CVE-2025-27933
Mattermost CVE-2025-27933 affects Mattermost Server 9.11.x <= 9.11.8, 10.3.x <= 10.3.3, and 10.4.x
CVE-2025-27933 Unauthorized Private-to-Public Channel Conversion
Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public...
CVE-2024-7983 Denial of Service in open-webui/open-webui
In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1186)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than...
AZL-51778 CVE-2024-49962 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: ACPICA: check null return of ACPIALLOCATEZEROED in acpidbconverttopackage ACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 ACPIALLOCATEZEROED may fail, elements might be NULL and will cause NULL pointer dereference later...
PT-2024-40567 · Git +1 · Simdutf
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow write error. Technical details include the crash type and state, specifically mentioning...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the fact that scrub causes an irreparable failure when ext4 is converted to btrfs...
DEBIAN-CVE-2021-46940
In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix offset overflow issue in index converting The idxtooffset function returns type int 32-bit signed, but MSRPKGENERGYSTAT is u32 and would be interpreted as a negative number. The end result is that it hi...
PT-2024-20002
Name of the Vulnerable Software and Affected Versions BuildKit versions prior to 0.12.5 Description A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue is related to the conversion of source code to build artifacts. As ...
GLSA-202401-27 : Ruby: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-27 Ruby: Multiple vulnerabilities - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header...
Weaviate denial of service vulnerability
Impact This vulnerability is a type conversion issue that affects users of Weaviate Server versions 1.20.0 and earlier. Who is impacted: Users of Weaviate Server versions 1.20.0 and earlier are impacted by this vulnerability. Patches A patch has been developed for this vulnerability. Patch releas...
PT-2023-26715 · Weaviate · Weaviate
Name of the Vulnerable Software and Affected Versions: Weaviate versions 1.20.0 and earlier Description: The issue is a type conversion problem that allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. This affects users of Weaviate Server versions...
PT-2023-17241 · Unknown · Orangescrum
Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11 Description: The issue allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...