Lucene search

68 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2000-0857

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.00808
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-3853

Malware in sbrugna...

CVSS 5, AI score 6.3, EPSS 0.0049
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-9434

Malware in sbrugna...

CVSS 5, AI score 7.4, EPSS 0.01102
Exploits 0, References 12

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-2103

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.02734
Exploits 0, References 4

Redos
added 2025/09/29 12:00 a.m., 2 views

ROS-20250929-04

Vulnerability of MultipartStream class of the Commons FileUpload library exists due to insufficient validation of input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service consumption of computational resources using a long string...

CVSS 7.8, AI score 6.7, EPSS 0.40246
Exploits 0

Vulnrichment
added 2025/09/19 12:00 a.m., 2 views

CVE-2025-59717

In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fenceenvironment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...

CVSS 5.4, AI score 6.5, EPSS 0.00085
Exploits 1, References 3

RedhatCVE
added 2025/05/22 7:30 p.m., 5 views

CVE-2021-27179

An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string...

CVSS 7.5, AI score 7, EPSS 0.00036
Exploits 1, References 1

RedhatCVE
added 2025/05/22 10:12 a.m., 4 views

CVE-2019-11387

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with nested repetition operators...

CVSS 5.3, AI score 6.8, EPSS 0.00439
Exploits 0, References 1

Snyk
added 2025/03/20 10:09 a.m., 1 view

Improper Handling of Exceptional Conditions

Overview: llama-index-core is an interface between LLMs and your data. Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the streamcomplete method of the LangChainLLM class. An attacker can disrupt service availability by providing an input of type...

CVSS 8.7, AI score 7, EPSS 0.00351
Exploits 1, References 2

Github Security Blog
added 2025/03/17 9:30 p.m., 21 views

Duplicate Advisory: Uptime Kuma ReDoS vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-hx7h-9vf7-5xhg. This link is maintained to preserve external references. Original Description: Uptime Kuma == 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through th...

CVSS 6, AI score 6.1, EPSS 0.00022
Exploits 0, References 5, Affected Software 1

OSV
added 2025/01/29 10:19 p.m., 2 views

GHSA-JQCP-XC3V-F446 fast-float2 has a segmentation fault due to lack of bound check

In this case, the "fastfloat2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to read from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...

AI score 7.4
Exploits 0, References 4

Github Security Blog
added 2024/07/02 9:32 p.m., 11 views

MongoDB Rust driver may issue unintended commands

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...

CVSS 7.5, AI score 7, EPSS 0.00113
Exploits 0, References 6, Affected Software 1

OSV
added 2024/07/02 6:15 p.m., 3 views

CVE-2024-6382

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...

CVSS 7.5, AI score 7
Exploits 0, References 1

OSV
added 2023/07/12 9:15 a.m., 1 view

CVE-2023-29414

A CWE-120: Buffer Copy without Checking Size of Input Classic Buffer Overflow vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call...

CVSS 7.8, AI score 5.8
Exploits 0, References 1

PyPA
added 2023/03/31 8:15 p.m., 5 views

zstd vulnerable to buffer overrun

A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause buffer overrun...

CVSS 7.5, AI score 7.4, EPSS 0.00255
Exploits 0, References 3, Affected Software 1

SUSE CVE
added 2023/02/15 5:17 a.m., 3 views

SUSE CVE-2015-4604

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service application crash or possibly...

CVSS 7.5, AI score 8.1, EPSS 0.09106
Exploits 1, References 4

SUSE CVE
added 2023/02/15 3:24 a.m., 0 views

SUSE CVE-2022-35737

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...

CVSS 6.3, AI score 7.6, EPSS 0.54845
Exploits 2, References 61

Huntr
added 2023/01/05 9:08 a.m., 17 views

Improper String/Integer Input Validation Leads to the Crashing of Site

Description: If you give the string input in the Start/End time field, then the application will stop working. Proof of Concept: 1. Go to "Settings-General-Reconnection" 2. Change activated to "on" 3. On every input field place any string for example put: "test" 4. Click on save and refresh 5. The...

CVSS 5, AI score 7.3, EPSS 0.00535
Exploits 1

OSV
added 2022/11/03 1:06 p.m., 0 views

USN-5712-1 sqlite3 vulnerability

It was discovered that SQLite did not properly handle large string inputs in certain circumstances. An attacker could possibly use this issue to cause a denial of service or arbitrary code execution...

CVSS 7.5, AI score 7.2, EPSS 0.54845
Exploits 2, References 2

OSV
added 2022/09/09 11:04 a.m., 2 views

OESA-2022-1909 sqlite security update

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications...

CVSS 7.5, AI score 7.7, EPSS 0.54845
Exploits 2, References 2