66 matches found
SUSE-SU-2025:0634-1 Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgrade to 15.12: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...
Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgrade to 15.12: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2025:0615-1 Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgrade to 14.17: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...
SUSE-SU-2025:0606-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgrade to 13.20: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...
CVE-2024-42392
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters...
JSON-java: parser confusion leads to OOM
A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service DoS...
Out-of-bounds
Cesanta MJS 2.20.0 has a getpropbuiltinforeign out-of-bounds read if a Built-in API name occurs in a substring of an input string...
Integer overflow
A vulnerability was found in libcap. This issue occurs in the libcapstrdup function and can lead to an integer overflow if the input string is close to 4GiB...
CVE-2023-2603
A vulnerability was found in libcap. This issue occurs in the libcapstrdup function and can lead to an integer overflow if the input string is close to 4GiB...
c-ares: buffer overflow in config_sortlist() due to missing string length check
A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...
Updated c-ares packages fix security vulnerability
The configsortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. CVE-2022-4904...
Updated sofia-sip packages fix security vulnerability
The configsortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service. CVE-2022-47516...
SUSE CVE-2008-2935
Multiple heap-based buffer overflows in the rc4 1 encryption aka exsltCryptoRc4EncryptFunction and 2 decryption aka exsltCryptoRc4DecryptFunction functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containin...
CVE-2022-42466 XSS vulnerability, eg for String properties.
Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...
Insecure Cryptography
ujson is vulnerable to insecure cryptography. The vulnerability exists in a JSON string contains escaped surrogate characters which are not part of a proper surrogate pair, the library may decode those characters incorrectly which allows remote attackers to cause unintended behavior in the...
Regular Expression Denial Of Service (ReDoS)
js-beautify is vulnerable to regular expression denial of service ReDoS attacks. An attacker is able to manipulate the application by inserting specifically crafted input string via the Tokenizer function, resulting in denial of service conditions...
GHSA-WHGM-JR23-G3J9 Uncontrolled Resource Consumption in ansi-html
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...
CVE-2020-7058
datainput.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection - Data Input Methods - Unix - Ping Host. NOTE: the vendor has stated "This is a false alarm...
CVE-2019-15846
An out-of-bounds write flaw was found in exim. The function fails to correctly handle situations when a backslash is the last character of the input string and incorrectly sets the pointer that is supposed to point to the last character of the escape sequence upon function exit. That leads to...
Input validation
A Malformed Input String to /cgi-bin/api-getlinestatus on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext...