34 matches found
OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...
mruby stack buffer overflow vulnerability
mruby is a lightweight implementation of the Ruby language that conforms to a portion of the ISO standard. A stack buffer overflow vulnerability exists in mrb_str_len_to_dbl in string.c in mruby 2.1.0. No detailed vulnerability information is provided at this time...
Information Disclosure
Microsoft ChakraCore is vulnerable to information disclosure. This is due to a use-after-free (UAF) bug when accessing a local JavaScript String buffer, which allows an attacker to obtain sensitive information to perform further attacks against the system...
Format string
MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this...
CVE-2009-1057
MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this...
CVE-2009-1057
CVE-2009-1057 affects MicroSmarts Enterprise ZipItFast! 3.0. A crafted .zip file triggers a memory corruption vulnerability described as a format string buffer overflow, enabling remote code execution. The CVE description notes that it has not been investigated whether the particular file.zip cou...
Preemptive Protection against Oracle WebLogic Server Apache Connector HTTP Version String Buffer Vulnerability
A string buffer overflow vulnerability has been reported in Oracle BEA WebLogic Server Apache Connector. BEA WebLogic Server is a Java Application Server platform that supports various databases including Oracle. A remote attacker may exploit this vulnerability to execute arbitrary code on a...
ruby: Integer overflows in rb_str_buf_append()
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that...
Rlpr 2.0 - 'msg()' Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/10578/info It is reported that rlpr is prone to multiple vulnerabilities. These vulnerabilities can allow a remote attacker to execute arbitrary code in order to gain unauthorized access. The application is affected by a format string vulnerability. This...
DSA-524 rlpr - several vulnerabilities
Bulletin has no description...