32 matches found
CVE-2026-32031
OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending reques...
EUVD-2017-7316
Malware in sbrugna...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
Security Bulletin: Vulnerability in Python Cryptographic Authority cryptography affects IBM Process Mining . CVE-2023-38325
Summary There is a vulnerability in Python Cryptographic Authority cryptography that could allow a remote authenticated attacker to launch attacks on the system . The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerabili...
Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the Python Cryptographic Authority package [CVE-2023-38325]
Summary The Python Cryptographic Authority package is used by the z/TPF real-time insights dashboard starter kit when connecting to a MySQL database from Python. The starter kit was updated to address the vulnerability described by CVE-2023-38325. Vulnerability Details CVEID:CVE-2023-38325...
SUSE CVE-2017-15897
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc0x100, "This is not correctly encoded", "hex";' The buffer implementation was updated such that the buffer will...
ALPINE-CVE-2017-15897
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc0x100, "This is not correctly encoded", "hex";' The buffer implementation was updated such that the buffer will...
PT-2017-14275 · Node.Js +1 · Node.Js +1
Name of the Vulnerable Software and Affected Versions: Node.js versions 8.X through 9.X Description: The issue arises when the encoding for the fill value does not match the encoding specified, causing buffers to not be initialized correctly. For example, 'Buffer.alloc0x100, "This is not correctl...
Apache Traffic Server Denial of Service Vulnerability
Apache Traffic Server is scalable HTTP/1.1 compliant caching proxy server. A security vulnerability exists in Apache Traffic Server versions prior to 6.2.1. It allows an attacker to cause a denial of service due to improper matching between content length and block encoding...
CVE-2008-2807
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file...