RUSTSEC-2023-0062 BER/CER/DER decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to bcder panicking rather than returning an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding. bcder 0.7.3 fixes these issues by more...

Buffer overflow

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL GNU Scientific Library, versions 2.5 and 2.6. Processing a maliciously crafted input data for gslstatsquantilefromsorteddata of the library may lead to unexpected application termination or arbitra...

The vulnerability of the InnoDB component of the MySQL database management system, which allows a hacker to cause a service failure

The vulnerability of the InnoDB component in the MySQL database management system is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

The vulnerability of the Native Image component in the Oracle GraalVM Enterprise Edition virtual machine allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Native Image component in the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...

HexUtils.hexStringToBytes32() and HexUtils.hexToAddress() may return incorrect results

Lines of code Vulnerability details Impact The HexUtils.hexStringToBytes32 and HexUtils.hexToAddress may return incorrect results if the input data provided is not in a standard format. This could cause the contract to behave abnormally in some scenarios or be exploited for malicious purposes...

Buffer overflow in sponge queue functions

Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. Patches Yes, see commit fdc6fef0...

Apache Sling JNDI Injection Vulnerability

Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. Designed to meet the JSR-170 content repository such as Apache Jackrabbit to create content-centric applications. Apache Sling JCR Base versions prior to 3.1.12 JNDI injection vulnerabilit...

Denial Of Service (DoS)

github.com/ipfs/go-unixfs is vulnerable to Denial Of Service DoS. The vulnerability exists because hamt.go doesn't properly handle malformed HAMT structures while reading data in the bogus fanout parameter in the HAMT directory nodes, which leads to memory leaks, allowing an attacker to cause an...

ROS-20230213-01

A vulnerability in the ImageMagick graphical editor is related to errors in input data processing. Exploitation of the vulnerability may allow a remote intruder to gain access to protected information using the profile parameter. information using the profile parameter Vulnerability of ImageMagic...

CVE-2022-48298

The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access...

CVE-2022-48297

The CVE-2022-48297 issue affects the geofencing kernel code where input data length is not verified, potentially causing out-of-bounds memory access. The vulnerability is described with a CVSS v3.1 base score of 7.5 (HIGH), with a network-based, low complexity exploit and no user interaction; con...

CVE-2022-48298

The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access...

The vulnerability of the Core component of the Oracle VM VirtualBox software for Windows operating systems allows a hacker to trigger a service failure.

The vulnerability of the Core component of the Oracle VM VirtualBox virtualization software for Windows operating systems is related to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

Tenda A15 SYSPS Parameter Stack Overflow Vulnerability

Tenda A15 is a WiFi extender from Tenda China. A stack overflow vulnerability exists in the Tenda A15 SYSPS parameter, which originates from a lack of length checking of input data in the SYSPS parameter of /goform/SysToolChangePwd, which can be exploited by an attacker to cause a denial of servi...

Tenda A15 wepauth parameter stack overflow vulnerability

Tenda A15 is a WiFi extender from Tenda, China. A stack overflow vulnerability exists in the Tenda A15 wepauth parameter, which stems from a lack of length checking of input data in the wepauth parameter of /goform/WifiBasicSet, and can be exploited by attackers to execute arbitrary code on the...

Tenda A15 wepkey4 parameter stack overflow vulnerability

Tenda A15 is a WiFi extender from Tenda, China. A stack overflow vulnerability exists in the Tenda A15 wepkey4 parameter, which stems from a lack of length checking of input data in the wepkey4 parameter of /goform/WifiBasicSet, and could be exploited to execute arbitrary code on the system...

Tenda A15 wepkey3 parameter stack overflow vulnerability

Tenda A15 is a WiFi extender from Tenda, China. A stack overflow vulnerability exists in the Tenda A15 wepkey3 parameter, which stems from a lack of length checking of input data in the wepkey3 parameter of /goform/WifiBasicSet, and could be exploited to execute arbitrary code on the system...

Tenda A15 security parameter stack overflow vulnerability

Tenda A15 is a WiFi extender from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda A15 security parameter, which originates from a lack of length checking of input data in the security parameter of /goform/WifiBasicSet, and can be exploited by an attacker to execute...

Tenda A15 ssid parameter stack overflow vulnerability

Tenda A15 is a WiFi extender from Tenda, China. A stack overflow vulnerability exists in the Tenda A15 ssid parameter, which stems from a lack of length checking of input data in the ssid parameter of /goform/WifiBasicSet, and can be exploited by attackers to execute arbitrary code on the system...

Tenda A15 wepkey1 parameter stack overflow vulnerability

Tenda A15 is a WiFi extender from Tenda, China. A stack overflow vulnerability exists in the Tenda A15 wepkey1 parameter, which stems from a lack of length checking of input data in the wepkey1 parameter of /goform/WifiBasicSet, and can be exploited by attackers to execute arbitrary code on the...