44 matches found
CVE-2021-28031
An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The moveelements function can have a double-free upon a panic in a user-provided f function...
EUVD-2011-1314
Malware in sbrugna...
Gathers structured vuln data from plugins that fork
This plugin generates internal host tags for vulnerability data from plugins that fork. It queries scratchpad tables, aggregates the vulnerability data by plugin ID, port and protocol, then attaches the data to the scan as internal host tags. This plugin does not create a scan vulnerability repor...
EUVD-2025-29455
Malicious code in bioql PyPI...
EUVD-2022-1484
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-26336
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A shortcoming in the HMEF package of poi-scratchpad Apache POI allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files...
Security Bulletin: A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception, which affects IBM watsonx.data
Summary A shortcoming in the HMEF package of poi-scratchpad Apache POI allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files Microsoft Outlook and Microsoft Exchange Server. If an application uses poi-scratchpad to parse TNEF files and the application...
GHSA-77H3-W9RX-HJ3Q User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows
The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...
RUSTSEC-2025-0049 User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows
The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...
User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows
The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...
Malicious code in uniswap-v4-scratchpad-poc (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01754c5d133c195a4c109504b5db8355893e90a308a2317d421d8f2d034cad23 Any computer that has this package installed or running should be considered...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6 Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory le...
Important: Red Hat Security Advisory: Red Hat Fuse 7.11.0 release and security update
A minor version update from 7.10 to 7.11 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin...
poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception
A shortcoming in the HMEF package of poi-scratchpad Apache POI allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files Microsoft Outlook and Microsoft Exchange Server. If an application uses poi-scratchpad to parse TNEF files and the application allows...
Security Bulletin: A security vulnerability has been identified in Apache poi-scratchpad shipped with IBM Tivoli Netcool Impact (CVE-2022-26336)
Summary Apache poi-scratchpad is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Apache poi-scratchpad has been published in a security bulletin. Vulnerability Details CVEID: CVE-2022-26336 DESCRIPTION: Apache POI is vulnerable to a denial of service,...
move_elements can double-free objects on panic
Affected versions of scratchpad used ptr::read to read elements while calling a user provided function f on them. Since the pointer read duplicates ownership, a panic inside the user provided f function could cause a double free when unwinding. The flaw was fixed in commit 891561bea by removing t...
GHSA-3QM2-RFQW-FMRW move_elements can double-free objects on panic
Affected versions of scratchpad used ptr::read to read elements while calling a user provided function f on them. Since the pointer read duplicates ownership, a panic inside the user provided f function could cause a double free when unwinding. The flaw was fixed in commit 891561bea by removing t...
org.apache.poi:poi-examples (=3.11-beta1), org.apache.poi:poi-excelant (=3.11-beta1) +2 more potentially affected by CVE-2014-3574 via org.apache.poi:poi (=3.11-beta1)
org.apache.poi:poi MAVEN version =3.11-beta1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.poi:poi and may be impacted: - org.apache.poi:poi-examples =3.11-beta1 - org.apache.poi:poi-excelant =3.11-beta1 - org.apache.poi:poi-ooxml...
com.bbossgroups.pdp:bboss-pdp-adminservice (>=5.0.1.1 <=5.2.0), com.bbossgroups.pdp:bboss-pdp-fastwx (=5.0.1.2) +76 more potentially affected by CVE-2012-0213 via org.apache.poi:poi-scratchpad (>=3.0.1-FINAL <=3.10-FINAL)
org.apache.poi:poi-scratchpad MAVEN version =3.0.1-FINAL, =5.0.1.1, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2012-0213 Source advisory: OSV:GHSA-JQX5-H2HW-5Q4F...
CVE-2022-26336
A shortcoming in the HMEF package of poi-scratchpad Apache POI allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files Microsoft Outlook and Microsoft Exchange Server. If an application uses poi-scratchpad to parse TNEF files and the application allows...