393 matches found
Heap overflow
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count function at /bits/shared_ptr_base.h...
CVE-2024-24246
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count function at /bits/shared_ptr_base.h...
CVE-2024-24246
CVE-2024-24246 is a heap buffer overflow in qpdf 11.9.0 triggered by memory handling in the standard library’s shared_ptr path (std::__shared_count). Multiple connected reports (Ubuntu, Fedora, Red Hat, OpenVAS, and Nessus plugins) describe that processing certain input can crash the application,...
OSV-2023-1259 Use-of-uninitialized-value in std::__1::__stdoutbuf<char>::xsputn
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64693 Crash type: Use-of-uninitialized-value Crash state: std::__1::__stdoutbuf<char>::xsputn std::__1::ostreambuf_iterator std::__1::pa std::__1::basic_ostream & std::__1::putcha...
Rocky Linux 8 : rust-toolset:rhel8 (RLSA-2022:1894)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1894 advisory. - Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG...
RUSTSEC-2023-0057 Fails to prohibit standard library access prior to initialization of Rust standard library runtime
Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...
CVE-2023-39988 WordPress WxSync Plugin <= 2.7.23 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 标准云(std.Cloud) WxSync plugin <= 2.7.23 versions...
memoffset allows reading uninitialized memory
memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::size_of may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::align_of. Older implementati...
RUSTSEC-2023-0045 memoffset allows reading uninitialized memory
memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::size_of may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::align_of. Older implementati...
Malicious Package
Overview yandex-logger-std is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
MAL-2023-987 Malicious code in yandex-logger-std (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c058819d25d1e98333c17166cbad13c51000407b8955ed454fc161515450ce71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in yandex-logger-std (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c058819d25d1e98333c17166cbad13c51000407b8955ed454fc161515450ce71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
buf_redux is Unmaintained
Last release was over three years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. The safety-undocumented unsafe in the...
CVE-2022-47515
An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads to std::length_error...
Cross site request forgery (csrf)
An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads to std::length_error...
OSV-2022-1261 UNKNOWN WRITE in void std::__1::allocator_traits<std::__1::allocator<wabt::interp::HandlerDesc> >
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54245 Crash type: UNKNOWN WRITE Crash state: void std::__1::allocator_traits void std::__1::vector<wabt::interp::HandlerDesc, std::__1::allocator<wabt::inter std::__1::vector<wabt::interp::HandlerDesc, std::__1::allocator<wabt::interp::Ha...
CVE-2022-43281
wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector::size at /bits/stl_vector.h...