128 matches found

CNNVD
added 2025/09/26 12:0 a.m. | 1 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE and EE versions 17.4 through 18.2...

CVSS 5.3 | AI score 6.7 | EPSS 0.0002
Exploits 0 | References 3

Positive Technologies
added 2025/09/25 12:0 a.m. | 2 views

PT-2025-39624

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.4 through 18.2.6; GitLab CE/EE versions 18.3 through 18.3.2; GitLab CE/EE versions 18.4 through 18.4.0. Description: Certain string conversion methods within the software demonstrate performance degradation when processing...

CVSS 5.3 | AI score 6.7 | EPSS 0.0002
Exploits 0 | References 11

Tenable Nessus
added 2025/09/01 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-0529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This fl...

CVSS 5.5 | AI score 6 | EPSS 0.00242
Exploits 1 | References 2

Tenable Nessus
added 2025/09/01 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-0530

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This fl...

CVSS 5.5 | AI score 6.2 | EPSS 0.00163
Exploits 1 | References 2

RedhatCVE
added 2025/05/22 6:53 p.m. | 3 views

CVE-2021-43620

An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string ...

CVSS 7.5 | AI score 6.6 | EPSS 0.00307
Exploits 1

RedhatCVE
added 2025/05/21 9:32 p.m. | 5 views

CVE-2005-3172

The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow...

CVSS 5 | AI score 7.5 | EPSS 0.10232
Exploits 0 | References 1

Vulnrichment
added 2025/02/21 10:7 a.m. | 14 views

CVE-2025-1471 Eclipse OMR: Buffer overflow vulnerability

In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized...

CVSS 7.1 | AI score 7 | EPSS 0.00105
Exploits 0 | References 2

Cvelist
added 2025/02/21 10:7 a.m. | 22 views

CVE-2025-1471 Eclipse OMR: Buffer overflow vulnerability

In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant length buffer for string conversion. If the input format string and arguments are larger than the buffer size then buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized...

CVSS 7.1 | EPSS 0.00105
Exploits 0 | References 2

Microsoft CVE
added 2024/11/27 8:0 a.m. | 5 views

Conversion of a wide string to a local string that leads to a heap of out-of-bound write

...

CVSS 5.5 | AI score 6 | EPSS 0.00242
Exploits 1

Microsoft CVE
added 2024/09/11 12:0 a.m. | 2 views

CVE-2024-42284

...

CVSS 7.8 | AI score 6.6 | EPSS 0.0001
Exploits 0

OSV
added 2024/05/28 5:36 p.m. | 3 views

CLSA-2024-1716917767 unzip: Fix of CVE-2022-0530

CVE-2022-0530: possible flaw occurrence during the conversion of a wide string to a local string...

CVSS 5.5 | AI score 6.4 | EPSS 0.00163
Exploits 1 | References 1

OSV
added 2024/03/06 11:4 a.m. | 27 views

BIT-RUBY-2022-28739

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f...

CVSS 7.5 | AI score 7.9 | EPSS 0.00332
Exploits 0 | References 16

Tenable Nessus
added 2023/10/30 12:0 a.m. | 20 views

GLSA-202310-17 : UnZip: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202310-17 UnZip: Multiple Vulnerabilities - A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to...

CVSS 5.5 | AI score 6.2 | EPSS 0.00242
Exploits 2 | References 4

Fedora
added 2023/09/21 1:33 a.m. | 25 views

[SECURITY] Fedora 38 Update: golang-github-xhit-str2duration-2.1.0-3.fc38

Convert string to duration in golang...

CVSS 8.8 | AI score 7.4 | EPSS 0.00185
Exploits 1

Fedora
added 2023/09/21 1:22 a.m. | 30 views

[SECURITY] Fedora 37 Update: golang-github-xhit-str2duration-2.1.0-3.fc37

Convert string to duration in golang...

CVSS 8.8 | AI score 7.4 | EPSS 0.00185
Exploits 1

Fedora
added 2023/09/20 12:20 a.m. | 24 views

[SECURITY] Fedora 39 Update: golang-github-xhit-str2duration-2.1.0-3.fc39

Convert string to duration in golang...

CVSS 8.8 | AI score 7.4 | EPSS 0.00185
Exploits 1

Prion
added 2023/07/19 8:15 p.m. | 19 views

Design/Logic Flaw

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = ${{ toString: '' }} which would cause the NodeJS process to crash when sending an unexpected Socket.io...

CVSS 5 | AI score 7.5 | EPSS 0.0027
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2023/07/19 7:45 p.m. | 17 views

CVE-2023-37899 feathersjs socket handler allows abusing implicit toString

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = ${{ toString: '' }} which would cause the NodeJS process to crash when sending an unexpected Socket.io...

CVSS 7.5 | AI score 7.7 | EPSS 0.0027
Exploits 1 | References 5

Positive Technologies
added 2023/07/19 12:0 a.m. | 3 views

PT-2023-26168 · Unknown · Feathersjs

Name of the Vulnerable Software and Affected Versions: Feathersjs versions prior to 4.5.18; Feathersjs versions prior to 5.0.8. Description: The Feathers socket handler did not catch invalid string conversion errors, which could cause the NodeJS process to crash when sending an unexpected Socket.io...

CVSS 7.5 | AI score 7.4 | EPSS 0.0027
Exploits 1 | References 12

CNNVD
added 2023/07/19 12:0 a.m. | 1 views

Feathers code issue vulnerability

Feathers is an open source, lightweight web framework from Feathers, used to create APIs and real-time applications using TypeScript or JavaScript. Feathers has a code issue vulnerability that stems from the socket handler not catching invalid string conversion errors, which can cause...

CVSS 7.5 | AI score 7.2 | EPSS 0.0027
Exploits 1 | References 6