Lucene search
K

177 matches found

OSV
OSV
added 2024/10/21 1:15 p.m.18 views

AZL-50833 CVE-2024-49860 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method Only buffer objects are valid return values of STR. If something else is returned descriptionshow will access invalid memory...

7.1CVSS6.8AI score0.00253EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 1:20 p.m.2 views

Malicious code in str-or-num (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 1:20 p.m.2 views

MAL-2024-9869 Malicious code in str-or-num (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/09/20 12:0 a.m.6 views

The vulnerability of the MatchDomainName() function in the SSL/TLS library WolfSSL allows a attacker to influence the accessibility of protected information.

The vulnerability of the MatchDomainName function in the SSL/TLS library WolfSSL is related to the escape of the operation beyond the buffer in memory due to incorrect checking of pointers during the processing of the str parameter. Exploiting this vulnerability could allow a remote attacker to...

7.8CVSS5.7AI score0.0056EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/09/14 11:41 a.m.5 views

CLSA-2024-1726314076 python2: Fix of CVE-2023-27043

Bugfix for CVE-2023-27043, use str instead of unicode, adjust tests according to python2 specification...

5.3CVSS6.8AI score0.02527EPSS
Exploits1References1
OSV
OSV
added 2024/09/05 2:1 p.m.9 views

CLSA-2024-1725544866 python2: Fix of CVE-2023-27043

Bugfix for CVE-2023-27043, use str instead of unicode, adjust tests according to python2 specification...

5.3CVSS6.8AI score0.02527EPSS
Exploits1References1
OSV
OSV
added 2024/09/03 4:55 p.m.8 views

CLSA-2024-1725382525 python: Fix of CVE-2023-27043

Bugfix for CVE-2023-27043, use str instead of unicode, adjust tests according to python2 specification...

5.3CVSS6.8AI score0.02527EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2024/08/27 6:33 p.m.14 views

CVE-2024-5991

In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509checkhost takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...

10CVSS7.1AI score0.0056EPSS
Exploits0
RustSec
RustSec
added 2024/07/24 12:0 p.m.6 views

The kstring integration in gix-attributes is unsound

gix-attributes in state::ValueRef unsafely creates a &str from a &u8 containing non-UTF8 data, with the justification that so long as nothing reads the &str and relies on it being UTF-8 in the &str, there is no UB: rust // SAFETY: our API makes accessing that value as str impossible, so illformed...

7AI score
Exploits0Affected Software1
OSV
OSV
added 2024/07/24 12:0 p.m.13 views

RUSTSEC-2024-0359 The kstring integration in gix-attributes is unsound

gix-attributes in state::ValueRef unsafely creates a &str from a &u8 containing non-UTF8 data, with the justification that so long as nothing reads the &str and relies on it being UTF-8 in the &str, there is no UB: rust // SAFETY: our API makes accessing that value as str impossible, so illformed...

7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.3 views

PT-2024-6211 · Unknown +2 · Hdf5 Library +2

Name of the Vulnerable Software and Affected Versions: HDF5 Library versions prior to 1.14.4 Description: The issue is related to the h5tools str sprint function in the h5tools str.c file of the HDF5 Library, which may attempt to dereference uninitialized values. This could potentially allow an...

5.7CVSS7.5AI score0.00227EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2024/02/26 12:0 a.m.3 views

PT-2024-2168 · Unknown · Gguf Library

Name of the Vulnerable Software and Affected Versions: GGUF library version Commit 18c2e17 Description: A heap-based buffer overflow vulnerability exists in the GGUF library gguf fread str functionality of llama.cpp. This vulnerability can be triggered by a specially crafted .gguf file, potential...

9.8CVSS9.7AI score0.01349EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/02/15 12:0 a.m.4 views

PT-2024-40564 · Git +1 · Mruby

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the functions mrb memsearch, str convert range, and...

6.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/15 12:0 a.m.4 views

PT-2024-40558 · Git +1 · Mruby

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A heap-buffer-overflow READ 2 crash has been reported. The crash involves the following functions: mrb memsearch, mrb str split m, and mrb vm exec...

7AI score
Exploits0References2
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.5 views

TONGDA Office Anywhere SQL Injection Vulnerability

TONGDA Office Anywhere is a collaborative office OA system. A SQL injection vulnerability exists in TONGDA Office Anywhere 2017 version 11.10 and earlier versions, which stems from an incorrect operation of the parameter DELETESTR that can lead to sql injection...

9.8CVSS8.4AI score0.00617EPSS
Exploits1References4
OSV
OSV
added 2023/12/27 9:31 p.m.1 views

GHSA-7M7H-RGVP-3V4R hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service DoS via manipulation of the first two parameters...

7.5CVSS5.8AI score0.00654EPSS
Exploits1References4
OSV
OSV
added 2023/12/08 2:15 p.m.5 views

CVE-2023-6607

A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERMIDSTR leads to sql injection. The exploit has been disclosed to t...

7.5CVSS5.6AI score0.00716EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/12/08 12:0 a.m.6 views

Tongda OA SQL Injection Vulnerability

Tongda2000 is a web-based intelligent office system from China Tongda Tongda. Tongda OA 2017 11.10 and earlier versions suffer from a SQL injection vulnerability that originates from the presence of an unknown function in general/wiki/cp/manage/delete.php, which leads to SQL injection via the...

7.5CVSS6.2AI score0.00716EPSS
Exploits1References4
NVD
NVD
added 2023/11/30 6:15 p.m.14 views

CVE-2023-48811

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function that when passed to the CsteSystem function creates a command execution vulnerability...

9.8CVSS0.01536EPSS
Exploits1References1
NVD
NVD
added 2023/11/30 6:15 p.m.23 views

CVE-2023-48810

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

9.8CVSS0.01536EPSS
Exploits1References1
Rows per page
Query Builder