qs: qs: Denial of Service via improper input validation in array parsing

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation e.g., a=value. This bypasses the arrayLimit option, which is designed to limit the size of...

EUVD-2018-0267

Malware in sbrugna...

EUVD-2024-53858

Malicious code in bioql PyPI...

Huawei HarmonyOS interpreter string module out-of-bounds read vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds read vulnerability exists in the Huawei HarmonyOS interpreter string module, which can be exploited by an attacker to cause availability to ...

CVE-2024-57956

Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2024-57956

Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2024-57956

Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2024-57956

Huawei HarmonyOS contains an out-of-bounds read vulnerability in the interpreter string module (CVE-2024-57956). Descriptions across CNVD/CNNVD and related feeds indicate the issue can be exploited to compromise availability. No concrete exploit details, affected versions, or patches are provided...

CVE-2024-57956

Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2024-57956

Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability...

PT-2025-5814 · Huawei · Harmonyos

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is an out-of-bounds read vulnerability in the interpreter string module. Successful exploitation of this vulnerability may affect availability...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds read vulnerability exists in the Huawei HarmonyOS interpreter string module, which can be exploited by an attacker to cause availability to ...

GHSA-5RFV-66G4-JR8H RestrictedPython information leakage via `AttributeError.obj` and the `string` module

Impact A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. Patches The problem will be fixed in version 7.3. Workarounds If the application does not require access to the module string, it can remove it from...

PYSEC-2024-186

RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...

DEBIAN-CVE-2024-47532

RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...

UBUNTU-CVE-2024-47532

RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...

CVE-2024-47532 RestrictedPython information leakage via `AttributeError.obj` and the `string` module

RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...

CVE-2024-47532 RestrictedPython information leakage via `AttributeError.obj` and the `string` module

RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...

Remote Code Execution (RCE)

accesscontrol is vulnerable to remote code execution. Having full access to Python's string module allows users with admin-level Zope "Manager" role to access to the class Formatter, which can be overridden and extended within Script Python in a way that provides access to other unsafe Python...

PYSEC-2021-875

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...