CVE-2022-25872 Out-of-bounds Read

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory...

CVE-2022-22138 Denial of Service (DoS)

All versions of package fast-string-search are vulnerable to Denial of Service DoS when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation...

CVE-2022-22138

All versions of package fast-string-search are vulnerable to Denial of Service DoS when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation...

CVE-2022-25872

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory...

fast-string-search 安全漏洞

fast-string-search is a search function that can search for strings using N-API and boyer-moore-magiclen. fast-string-search suffers from a denial-of-service vulnerability that stems from incorrect computation of non-string input, which can be exploited by an attacker to cause fast-string- search...

fast-string-search 缓冲区错误漏洞

fast-string-search is a module from the individual developer Magic Len Ron Li in China that searches for substrings in a string using N-API and boyer-moore-magiclen. A security vulnerability exists in fast-string-search due to incorrect memory freeing and length calculation of any non-string inpu...

Out-of-bounds Read

Overview fast-string-search is a module that can search substrings in a string by using N-API and boyer-moore-magiclen. Affected versions of this package are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows...

Denial of Service (DoS)

Overview fast-string-search is a module that can search substrings in a string by using N-API and boyer-moore-magiclen. Affected versions of this package are vulnerable to Denial of Service DoS when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from...

PYSEC-2021-272

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...

CVE-2021-37650

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...

CVE-2020-29069

getflagiplocaldb in server/mhn/ui/utils.py in Modern Honey Network MHN through 2020-11-23 allows attackers to cause a denial-of-service via an IP address that is absent from a local geolocation database, because the code tries to uppercase a return value even if that value is not a string...

Type confusion exists in _cancel_eval Ruby's TclTkIp class

Type confusion exists in canceleval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution...

UBUNTU-CVE-2016-2337

Type confusion exists in canceleval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution...

Apache Struts 2 vulnerable to an arbitrary Java method execution

Overview Apache Struts 2 contains an arbitrary Java method execution vulnerability. Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is...

security flaw

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service access violation and crash, and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string...