57 matches found
EUVD-2021-13141
Malware in sbrugna...
EUVD-2023-43613
Malicious code in bioql PyPI...
USN-7330-2: Ansible regression
USN-7330-1 fixed vulnerabilities in Ansible. The update introduced a regression when attempting to install Ansible on Ubuntu 16.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ansible did not properly verify certain fiel...
IBM Cloud Pak for Data Resource Management Error Vulnerability
IBM Cloud Pak for Data is a cloud-native solution from International Business Machines (IBM) that allows customers to use data and analyze it quickly and efficiently. A resource management error vulnerability exists in IBM Cloud Pak for Data versions 4.0.0 through 5.0.2, which stems from not proper...
CVE-2024-6563
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files...
CVE-2024-32018
CVE-2024-32018 affects RIOT OS, specifically the nimble_scanlist_update() function. The root cause is a len check performed via an assertion, with len subsequently used in memcpy(); if assertions are compiled out, an attacker-controlled len can overflow the fixed-length e->ad buffer. Impact ra...
Deserialization of Untrusted Data in timber/timber
Summary: Timber is vulnerable to PHAR deserialization due to a lack of checking the input before passing it into the file_exists function. If an attacker can upload files of any type to the server, he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP...
HPACK decoder panics on invalid input
Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: use hpack::Decoder; pub fn main() { let input = &[0x3f]; let mut decoder = Decoder::new();...
CVE-2023-33045 Buffer Copy Without Checking Size of Input in WLAN Firmware
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying an S3 attribute...
CVE-2023-39915
NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914...
Input validation
NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914...
CVE-2023-39915 Crashes on parsing certain invalid RPKI objects
NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914...
CVE-2023-39915
The CVE-2023-39915 entry concerns NLnet Labs’ Routinator up to version 0.12.1, which may crash when parsing certain malformed RPKI objects. Root cause is insufficient input checking in the bcder library (the same underlying issue as CVE-2023-39914). Impact, per the citations, is availability inte...
PT-2023-27150 · Unknown +1 · Routinator +1
Name of the Vulnerable Software and Affected Versions: Routinator versions up to and including 0.12.1 Description: The issue is caused by insufficient input checking in the bcder library, which may lead to a crash when trying to parse certain malformed RPKI objects. Recommendations: For versions ...
CVE-2022-22104
Memory corruption in multimedia due to improper check on the messages received in Snapdragon Auto...
CVE-2021-30191
CODESYS V2 Web-Server before 1.1.9.20 has a Buffer Copy without Checking the Size of the Input...
Apple Xcode < 10.2 Code Execution (macOS)
The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 10.2. It is, therefore, affected by a memory corruption issue due to improper input checking. An unauthenticated, remote attacker can exploit this to execute arbitrary code with kernel privileges. Note that Ness...
DEBIAN-CVE-2011-0428
Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments...
CVE-2018-0416
A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms...
Cisco NX-OS System Software Command Injection Vulnerability in Multiple Cisco Products (CNVD-2017-36141)
Cisco Nexus 5000 Series Switches are the Cisco Nexus series of data center-class switches from Cisco, Inc. Cisco NX-OS System Software is the data center operating system that runs on them. A command injection vulnerability exists in the CLI of Cisco NX-OS System Software in multiple Cisco product...