
19 matches found

Tenable Nessus
added 2026/05/08 12:0 a.m. · 4 views

Ruby net-imap < 0.4.24 / 0.5.x < 0.5.14 / 0.6.x < 0.6.4 Multiple Vulnerabilities

The version of the net-imap Ruby library installed on the remote host is prior to 0.4.24, 0.5.x prior to 0.5.14, or 0.6.x prior to 0.6.4. It is, therefore, affected by multiple vulnerabilities. - The Net::IMAP::ResponseReader component is affected by a quadratic time complexity flaw when parsing...

9.8 CVSS · 6.1 AI score · 0.00092 EPSS
Exploits 0 · References 6
Positive Technologies
added 2026/05/05 12:0 a.m. · 3 views

PT-2026-37265

Name of the Vulnerable Software and Affected Versions: rust-openssl versions 0.9.7 through 0.10.78. Description: The X509Ref::ocsp_responders function returns OCSP responder URLs from a certificate's AIA extension as OpensslString. The Deref implementation wraps raw bytes using str::from_utf8...

8.7 CVSS · 5.9 AI score · 0.00021 EPSS
Exploits 0 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2009-3448

Malware in sbrugna...

9.3 CVSS · 6.1 AI score · 0.03844 EPSS
Exploits 1 · References 7
Veracode
added 2023/07/21 10:45 a.m. · 18 views

Denial Of Service (DoS)

@feathersjs/transport-commons is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to invalid string conversions such as ${{ toString: '' }}, which causes the Feathers socket handler to crash the NodeJS process because it is unable to handle invalid string conversions...

7.5 CVSS · 6.9 AI score · 0.0027 EPSS
Exploits 1 · References 8 · Affected Software 1
Prion
added 2023/07/19 8:15 p.m. · 16 views

Design/Logic Flaw

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = ${{ toString: '' }} which would cause the NodeJS process to crash when sending an unexpected Socket.io...

5 CVSS · 7.5 AI score · 0.0027 EPSS
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2023/07/19 12:0 a.m. · 2 views

PT-2023-26168 · Unknown · Feathersjs

Name of the Vulnerable Software and Affected Versions: Feathersjs versions prior to 4.5.18 Feathersjs versions prior to 5.0.8 Description: The Feathers socket handler did not catch invalid string conversion errors, which could cause the NodeJS process to crash when sending an unexpected Socket.io...

7.5 CVSS · 7.4 AI score · 0.0027 EPSS
Exploits 1 · References 12
CNNVD
added 2023/07/19 12:0 a.m. · 0 views

Feathers Code Issue Vulnerability

Feathers is an open-source lightweight web framework used to create APIs and real-time applications using TypeScript or JavaScript. Feathers has a code issue vulnerability that stems from the socket handler not catching invalid string conversion errors, which can cause...

7.5 CVSS · 7.2 AI score · 0.0027 EPSS
Exploits 1 · References 6
SUSE CVE
added 2023/02/15 5:57 a.m. · 1 views

SUSE CVE-2010-2941

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request...

9.8 CVSS · 7.9 AI score · 0.21353 EPSS
Exploits 0 · References 5
OSV
added 2021/01/26 6:15 p.m. · 27 views

CVE-2020-36213

An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...

7.5 CVSS · 7.5 AI score · 0.00389 EPSS
Exploits 1 · References 1
UbuntuCve
added 2017/03/29 3:59 p.m. · 19 views

CVE-2017-7300

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GN...

7.5 CVSS · 7 AI score · 0.00405 EPSS
Exploits 0 · References 2
OSV
added 2017/03/29 3:59 p.m. · 0 views

UBUNTU-CVE-2017-7300

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GN...

7.5 CVSS · 7.1 AI score · 0.00405 EPSS
Exploits 0 · References 3
OSV
added 2010/11/05 5:0 p.m. · 1 views

DEBIAN-CVE-2010-2941

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request...

9.8 CVSS · 9.4 AI score · 0.21353 EPSS
Exploits 0 · References 1
Prion
added 2009/11/04 3:30 p.m. · 20 views

Memory corruption

Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information...

9.3 CVSS · 8 AI score · 0.03844 EPSS
Exploits 1 · References 6 · Affected Software 1
Tenable Nessus
added 2009/11/04 12:0 a.m. · 33 views

Shockwave Player <= 11.5.1.601 Multiple Vulnerabilities (APSB09-16)

The remote Windows host contains a version of Adobe's Shockwave Player that is 11.5.1.601 or earlier. As such, it is affected by multiple issues: - An invalid index vulnerability could lead to code execution. (CVE-2009-3463) - Invalid pointer vulnerabilities could lead to code execution...

9.3 CVSS · 5.8 AI score · 0.41566 EPSS
Exploits 2 · References 6
exploitpack
added 2007/05/15 12:0 a.m. · 14 views

BitsCast 0.13.0 - invalid string Remote Denial of Service

BitsCast 0.13.0 Remote Denial of Service. Credits: gbr. Tested on Windows XP SP2. BitsCast crashes when receiving an RSS 2.0 feed item with an invalid string in sub-element 'pubDate'. '../A' x 8, 'A/../' x 8, and others. PoC: Test Remote DoS Po...

0.4 AI score
Exploits 0
Exploit DB
added 2007/05/15 12:0 a.m. · 23 views

BitsCast 0.13.0 - invalid string Remote Denial of Service

BitsCast 0.13.0 Remote Denial of Service. Credits: gbr. Tested on Windows XP SP2. BitsCast crashes when receiving an RSS 2.0 feed item with an invalid string in sub-element 'pubDate'. '../A' x 8, 'A/../' x 8, and others. PoC: Test Remote DoS PoC ../A../A../A../A../A../A../A../A../A../A../A../A...

7 AI score
Exploits 0
exploitpack
added 2007/05/15 12:0 a.m. · 21 views

NewzCrawler 1.8 - invalid string Remote Denial of Service

NewzCrawler 1.8 Remote Denial of Service. Credits: gbr. Tested on Windows XP SP2. NewzCrawler 1.8 becomes unstable and begins to crash when parsing the 'url' attribute of the 'enclosure' sub-element that contains some invalid string at time of show a...

0.4 AI score
Exploits 0
Cvelist
added 2006/10/20 10:0 a.m. · 21 views

CVE-2006-5417

McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position fie...

6.8 AI score · 0.01271 EPSS
Exploits 0 · References 7
OpenVAS
added 2005/11/03 12:0 a.m. · 96 views

LiteServe URL Decoding DoS Vulnerability

The remote web server dies when a URL consisting of a long invalid string of % is sent. SPDX-FileCopyrightText: 2002 Michel Arboi. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.5 AI score
Exploits 0