PT-2026-40293

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb convert encoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

CVE-2026-22212

TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy and strcat functions when constructing device paths during automatic device discovery. A local attacker can exploit this by...

EUVD-2004-0354

Malware in sbrugna...

EUVD-2006-4470

Malware in sbrugna...

EUVD-2021-28299

Malicious code in bioql PyPI...

CLSA-2025-1758705181 glib2: Fix of CVE-2020-35457

CVE-2020-35457: fix integer overflow in goptiongroupaddentries to prevent potential out-of-bounds write - Bug775510: avoid calling Standard C string/array functions with NULL arguments...

glibc bug fix update

2.28-251.0.3.25 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi Oracle history: June-9-2025 Cupertino Miranda - 2.28-251.0.3.22 - Forward port of Oracle patches Reviewed-by: David Faust April-14-2025 Cupertino Miranda - 2.28-251.0.3.16 - Forward port of Oracle patches Reviewed-by:...

glibc security update

2.28-251.0.3.25 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi Oracle history: June-9-2025 Cupertino Miranda - 2.28-251.0.3.22 - Forward port of Oracle patches Reviewed-by: David Faust April-14-2025 Cupertino Miranda - 2.28-251.0.3.16 - Forward port of Oracle patches Reviewed-by:...

SUSE CVE-2022-50050

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...

glibc security update

2.28-251.0.3.22 - Forward port of Oracle patches Reviewed-by: David Faust Oracle history: April-14-2025 Cupertino Miranda - 2.28-251.0.3.16 - Forward port of Oracle patches Reviewed-by: Elena Zannoni March-26-2025 Cupertino Miranda - 2.28-251.0.3.14 - OraBug: 36625686 Add MTE support on string...

CVE-2021-41253

Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in zycore in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis...

glibc security update

2.28-251.0.3.16 - Forward port of Oracle patches Reviewed-by: Elena Zannoni Oracle history: March-26-2025 Cupertino Miranda - 2.28-251.0.3.14 - OraBug: 36625686 Add MTE support on string functions Reviewed-by: Jose E. Marchesi March-17-2025 Cupertino Miranda - 2.28-251.0.2.14 - Forward port of...

glibc security update

2.28-251.0.3.16 - Forward port of Oracle patches Reviewed-by: Elena Zannoni Oracle history: March-26-2025 Cupertino Miranda - 2.28-251.0.3.14 - OraBug: 36625686 Add MTE support on string functions Reviewed-by: Jose E. Marchesi March-17-2025 Cupertino Miranda - 2.28-251.0.2.14 - Forward port of...

CVE-2024-54456

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfssysfslinkrpcclient name is char64 where the size of clnt-clprogram-name remains unknown. Invoking strcat directly will also lead to potential buffer overflow. Change them to strscpy and...

PT-2024-8762 · Unknown · Spring Security

Name of the Vulnerable Software and Affected Versions: Spring Security affected versions not specified Description: The issue is related to the use of String.toLowerCase and String.toUpperCase functions in the Java framework for Spring Security, which can lead to improper authorization. This is d...

RUSTSEC-2023-0076 `cpython` is unmaintained

The cpython crate and the underlying python3-sys and python27-sys crates have been marked as no longer actively maintained by the developer. There are also open issues for unsound code that is currently in these crates: - cpython265: Using some string functions causes segmentation faults on...

SUSE CVE-2020-8174

napigetvaluestring allows various kinds of memory corruption in node 10.21.0, 12.18.0, and 14.4.0...

CVE-2022-33185

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user accoun...

CVE-2022-33185. Several commands in Brocade Fabric OS use unsafe string function to process user input

Security Advisory ID : BSA-2022-2078 Component : FOS Revision : 1.1 Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer...

MGASA-2022-0052 Updated glibc packages fix security vulnerability

Updated glibc packages fix security vulnerability: An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to...