CVE-2026-49839

jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...

Ruby net-imap < 0.4.24 / 0.5.x < 0.5.14 / 0.6.x < 0.6.4 Multiple Vulnerabilities

The version of the net-imap Ruby library installed on the remote host is prior to 0.4.24, 0.5.x prior to 0.5.14, or 0.6.x prior to 0.6.4. It is, therefore, affected by multiple vulnerabilities. - The Net::IMAP::ResponseReader component is affected by a quadratic time complexity flaw when parsing...

PT-2026-37265

Name of the Vulnerable Software and Affected Versions rust-openssl versions 0.9.7 through 0.10.78 Description The X509Ref::ocsp responders function returns OCSP responder URLs from a certificate's AIA extension as OpensslString. The Deref implementation wraps raw bytes using str::from utf8...

EUVD-2009-3448

Malware in sbrugna...

Denial Of Service (DoS)

@feathersjs/transport-commons is vulnerable to Denial of Service DoS attacks. The vulnerability is due to invalid string conversions such as $ toString: '' , which causes the Feathers socket handler to crash the NodeJS process because its unable to handle invalid string conversions...

Design/Logic Flaw

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = $ toString: '' which would cause the NodeJS process to crash when sending an unexpected Socket.io...

Feathers 代码问题漏洞

Feathers is Feathers open source a lightweight Web framework. Used to create APIs and real-time applications using TypeScript or JavaScript. Feathers has a code issue vulnerability , the vulnerability stems from the socket handler does not catch invalid string conversion errors , which can cause...

PT-2023-26168 · Unknown · Feathersjs

Name of the Vulnerable Software and Affected Versions: Feathersjs versions prior to 4.5.18 Feathersjs versions prior to 5.0.8 Description: The Feathers socket handler did not catch invalid string conversion errors, which could cause the NodeJS process to crash when sending an unexpected Socket.io...

SUSE CVE-2010-2941

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service use-after-free and application crash or possibly execute arbitrary code via a crafted IPP request...

CVE-2020-36213

An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...

CVE-2017-7300

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, has an aoutlinkaddsymbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read off-by-one because of an incomplete check for invalid string offsets while loading symbols, leading to a GN...

UBUNTU-CVE-2017-7300

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, has an aoutlinkaddsymbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read off-by-one because of an incomplete check for invalid string offsets while loading symbols, leading to a GN...

DEBIAN-CVE-2010-2941

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service use-after-free and application crash or possibly execute arbitrary code via a crafted IPP request...

Memory corruption

Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information...

Shockwave Player <= 11.5.1.601 Multiple Vulnerabilities (APSB09-16)

The remote Windows host contains a version of Adobe's Shockwave Player that is 11.5.1.601 or earlier. As such, it is affected by multiple issues : - An invalid index vulnerability could lead to code execution. CVE-2009-3463 - Invalid pointer vulnerabilities could lead to code execution...

BitsCast 0.13.0 - invalid string Remote Denial of Service

BitsCast 0.13.0 - invalid string Remote Denial of Service BitsCast 0.13.0 Remote Denial of Service Credits: gbr Tested on Windows XP SP2 BitsCast crashes when receiving a RSS 2.0 feed item with a invalid string in sub-element 'pubDate'. '../A' x 8, 'A/../' x 8, and others. PoC: Test Remote DoS Po...

NewzCrawler 1.8 - invalid string Remote Denial of Service

NewzCrawler 1.8 - invalid string Remote Denial of Service NewzCrawler 1.8 Remote Denial of Service Credits: gbr Tested on Windows XP SP2 NewzCrawler 1.8 becomes usntable and begin crash when parsering the 'url' atribute of 'enclosure' sub-element contends some invalid string at time of show a...

BitsCast 0.13.0 - invalid string Remote Denial of Service

BitsCast 0.13.0 Remote Denial of Service Credits: gbr Tested on Windows XP SP2 BitsCast crashes when receiving a RSS 2.0 feed item with a invalid string in sub-element 'pubDate'. '../A' x 8, 'A/../' x 8, and others. PoC: Test Remote DoS PoC ../A../A../A../A../A../A../A../A../A../A../A../A...

CVE-2006-5417

McAfee Network Agent mcnasvc.exe 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service agent crash via a long packet, possibly because of an invalid string position fie...

LiteServe URL Decoding DoS Vulnerability

The remote web server dies when an URL consisting of a long invalid string of % is sent. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...