15 matches found
CVE-2026-6477
Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-lengt...
GHSA-WFR3-HF93-QGG3 mkdocs-mcp-plugin has a Path Traversal issue
A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Performing a manipulation of the argument docsdir/filepath results in path traversal. The attack is possible to be carried out remotely. The exploit has...
EUVD-2025-9621
Malicious code in bioql PyPI...
OESA-2025-1538 libxml2 security update
This library allows manipulating XML files. It includes support for reading, modifying and writing XML and HTML files. DTD support is included, covering parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
CVE-2022-49301 staging: rtl8712: fix uninit-value in usb_read8() and friends
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in usb_read8() and friends. When r8712_usbctrl_vendorreq() returns negative, 'data' in usb_read{8,16,32}() will not be initialized. BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline] BUG:...
PT-2024-40684 · Hdf5 · Hdf5
Name of the Vulnerable Software and Affected Versions: HDF5 affected versions not specified Description: A crash issue was identified, characterized as an UNKNOWN READ. The crash state involves functions such as H5HG read, H5VL native blob get, and H5VL blob get. Recommendations: At the moment,...
PT-2023-35562 · Git +1 · Libredwg
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue has been identified, with a crash type of Heap-buffer-overflow READ 1. The crash state includes functions such as bit...
CVE-2023-36926
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no...
PT-2023-4215 · Sap · Sap Host Agent
Name of the Vulnerable Software and Affected Versions: SAP Host Agent version 7.22 Description: The issue is related to a missing authentication check in the SAP Host Agent, allowing an unauthenticated attacker to set an undocumented parameter to a particular compatibility value. This enables the...
PT-2022-36728 · Spvtools · Spvtools
Name of the Vulnerable Software and Affected Versions: spvtools affected versions not specified Description: The issue is related to a crash caused by a container-overflow read. Technical details about the crash include the CanMergeWithSuccessor function and the BlockMergePass::Process function...
PT-2022-36704 · Git +1 · Clamav
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several functions: cli_ole2_extract, cli_scanole2, and cli_magic_scan. No...
DEBIAN-CVE-2021-46048
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions...
UBUNTU-CVE-2021-46048
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions...
Mobile Viewpoint Wireless Multiplex Terminal Buffer Error Vulnerability
The Mobile Viewpoint Wireless Multiplex Terminal is a wireless multiplexing technology based device from Mobile Viewpoint in the Netherlands that increases bandwidth. The device can bundle multiple wireless networks to increase bandwidth and provide users with high quality video. A buffer error...
CVE-2017-18220
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403...