177 matches found
AZL-50833 CVE-2024-49860 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method Only buffer objects are valid return values of STR. If something else is returned descriptionshow will access invalid memory...
Malicious code in str-or-num (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9869 Malicious code in str-or-num (npm)
--- -= Per source details. Do not edit below this line.=-...
The vulnerability of the MatchDomainName() function in the SSL/TLS library WolfSSL allows a attacker to influence the accessibility of protected information.
The vulnerability of the MatchDomainName function in the SSL/TLS library WolfSSL is related to the escape of the operation beyond the buffer in memory due to incorrect checking of pointers during the processing of the str parameter. Exploiting this vulnerability could allow a remote attacker to...
CLSA-2024-1726314076 python2: Fix of CVE-2023-27043
Bugfix for CVE-2023-27043, use str instead of unicode, adjust tests according to python2 specification...
CLSA-2024-1725544866 python2: Fix of CVE-2023-27043
Bugfix for CVE-2023-27043, use str instead of unicode, adjust tests according to python2 specification...
CLSA-2024-1725382525 python: Fix of CVE-2023-27043
Bugfix for CVE-2023-27043, use str instead of unicode, adjust tests according to python2 specification...
CVE-2024-5991
In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509checkhost takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...
The kstring integration in gix-attributes is unsound
gix-attributes in state::ValueRef unsafely creates a &str from a &u8 containing non-UTF8 data, with the justification that so long as nothing reads the &str and relies on it being UTF-8 in the &str, there is no UB: rust // SAFETY: our API makes accessing that value as str impossible, so illformed...
RUSTSEC-2024-0359 The kstring integration in gix-attributes is unsound
gix-attributes in state::ValueRef unsafely creates a &str from a &u8 containing non-UTF8 data, with the justification that so long as nothing reads the &str and relies on it being UTF-8 in the &str, there is no UB: rust // SAFETY: our API makes accessing that value as str impossible, so illformed...
PT-2024-6211 · Unknown +2 · Hdf5 Library +2
Name of the Vulnerable Software and Affected Versions: HDF5 Library versions prior to 1.14.4 Description: The issue is related to the h5tools str sprint function in the h5tools str.c file of the HDF5 Library, which may attempt to dereference uninitialized values. This could potentially allow an...
PT-2024-2168 · Unknown · Gguf Library
Name of the Vulnerable Software and Affected Versions: GGUF library version Commit 18c2e17 Description: A heap-based buffer overflow vulnerability exists in the GGUF library gguf fread str functionality of llama.cpp. This vulnerability can be triggered by a specially crafted .gguf file, potential...
PT-2024-40564 · Git +1 · Mruby
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the functions mrb memsearch, str convert range, and...
PT-2024-40558 · Git +1 · Mruby
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A heap-buffer-overflow READ 2 crash has been reported. The crash involves the following functions: mrb memsearch, mrb str split m, and mrb vm exec...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system. A SQL injection vulnerability exists in TONGDA Office Anywhere 2017 version 11.10 and earlier versions, which stems from an incorrect operation of the parameter DELETESTR that can lead to sql injection...
GHSA-7M7H-RGVP-3V4R hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service DoS via manipulation of the first two parameters...
CVE-2023-6607
A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERMIDSTR leads to sql injection. The exploit has been disclosed to t...
Tongda OA SQL Injection Vulnerability
Tongda2000 is a web-based intelligent office system from China Tongda Tongda. Tongda OA 2017 11.10 and earlier versions suffer from a SQL injection vulnerability that originates from the presence of an unknown function in general/wiki/cp/manage/delete.php, which leads to SQL injection via the...
CVE-2023-48811
In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function that when passed to the CsteSystem function creates a command execution vulnerability...
CVE-2023-48810
In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...