
12 matches found

OSV
added 2021/12/17 7:15 p.m., 29 views

PYSEC-2021-855

Incomplete string comparison in the numpy.core component in NumPy 1.9.x, which allows attackers to fail the APIs via constructing specific string objects...

5.3 CVSS, 5.3 AI score, 0.00064 EPSS
Exploits: 1, References: 2
Prion
added 2021/12/17 7:15 p.m., 21 views

Design/Logic Flaw

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...

5 CVSS, 5.5 AI score, 0.00064 EPSS
Exploits: 1, References: 2, Affected Software: 2
OpenVAS
added 2016/03/03 12:00 a.m., 33 views

Squid Multiple DoS Vulnerabilities (SQUID-2016:2) - Windows

Squid is prone to multiple denial of service (DoS) vulnerabilities...

7.5 CVSS, 7.7 AI score, 0.70316 EPSS
Exploits: 0, References: 4
OSV
added 2015/04/15 12:00 a.m., 31 views

DLA-200-1 ruby1.9.1 - security update

Bulletin has no description...

5 CVSS, 6.1 AI score, 0.15626 EPSS
Exploits: 2
Tenable Nessus
added 2015/02/10 12:00 a.m., 28 views

Debian DSA-3157-1 : ruby1.9.1 - security update

Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2014-4975: The encodes function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code...

5 CVSS, 8 AI score, 0.15626 EPSS
Exploits: 2, References: 8
OpenVAS
added 2015/02/09 12:00 a.m., 37 views

Debian Security Advisory DSA 3157-1 (ruby1.9.1 - security update)

Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2014-4975: The encodes function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code executio...

5 CVSS, 0.3 AI score, 0.15626 EPSS
Exploits: 2, References: 1
Mageia
added 2014/11/21 12:44 p.m., 48 views

Updated ruby packages fix security vulnerabilities

Will Wood discovered that Ruby incorrectly handled the encodes function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a...

5 CVSS, 7.9 AI score, 0.11898 EPSS
Exploits: 1, References: 5
Zero Day Initiative
added 2014/04/11 12:00 a.m., 29 views

(Pwn2Own\Pwn4Fun) Apple Webkit JSStringJoiner Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

6.8 CVSS, 6.4 AI score, 0.08527 EPSS
Exploits: 1, References: 1
Prion
added 2012/02/14 10:55 p.m., 11 views

Information disclosure

Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."...

4.3 CVSS, 6.8 AI score, 0.16456 EPSS
Exploits: 0, References: 3, Affected Software: 1
Check Point Advisories
added 2011/12/06 12:00 a.m., 4 views

Microsoft Office Visio Global Buffer Overflow (MS11-060; CVE-2011-1979)

A remote code execution vulnerability has been reported in Microsoft Office Visio. The vulnerability is due to insufficient validation of the Length value while handling UML String objects in Office Visio files. A remote attacker could exploit this vulnerability by enticing a target user to open a...

9.3 CVSS, 7.5 AI score, 0.5543 EPSS
Exploits: 1
RedHat Linux
added 2009/07/27 9:22 a.m., 3 views

python: stringobject, unicodeobject integer overflows

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the stringexpandtabs function in Objects/stringobject.c and (2) the...

10 CVSS, 6.7 AI score, 0.03028 EPSS
Exploits: 4, References: 4
UbuntuCve
added 2006/07/27 7:04 p.m., 24 views

CVE-2006-3806

Multiple integer overflows in the JavaScript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects...

7.5 CVSS, 6.3 AI score, 0.27008 EPSS
Exploits: 0, References: 5