3357 matches found

Github Security Blog
added 2024/10/08 10:20 p.m. | 10 views

SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings

The error rendering code from the parser would panic when handling failed parsing of queries where the error occurred when converting an empty string to a SurrealDB value. This would be the case when casting an empty string to a record, duration or datetime, as well as potentially when parsing an...

AI score: 7.7
Exploits: 0 | References: 4 | Affected software: 2
OSV
added 2024/10/08 10:20 p.m. | 3 views

GHSA-QJRV-V6QP-X99X SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings

The error rendering code from the parser would panic when handling failed parsing of queries where the error occurred when converting an empty string to a SurrealDB value. This would be the case when casting an empty string to a record, duration or datetime, as well as potentially when parsing an...

CVSS: 7.1 | AI score: 7.7
Exploits: 0 | References: 4
OSV
added 2024/10/03 7:15 p.m. | 3 views

CVE-2024-41592

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs...

CVSS: 8.0 | AI score: 5.9 | EPSS: 0.01407
Exploits: 1 | References: 2
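The bug class this entry describes (a CGI query-string splitter that copies into fixed-size stack buffers, tripped by extraneous '&' characters and over-long key=value pairs), shown as an added example in C. This is not DrayTek's GetCGI and nothing in it comes from the advisory: the parser, the KEY_MAX/VAL_MAX buffer sizes and the inputs are assumptions constructed for illustration. The unbounded copy is included only for contrast and is never called on hostile input; the bounded parser skips empty segments and rejects pairs that do not fit instead of copying them.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example of the bug class named in the advisory; it is not DrayTek's
 * GetCGI and the buffer sizes are assumptions. A CGI query-string splitter
 * copies each key and value into fixed-size stack buffers. Two inputs the
 * advisory calls out: extraneous '&' (empty segments, which must be skipped)
 * and over-long key=value pairs (which must be rejected, not copied). */

#define KEY_MAX 32   /* assumed sizes for the example */
#define VAL_MAX 64

/* The vulnerable pattern: copy n bytes with no comparison against the
 * destination size. With n >= VAL_MAX this writes past the stack buffer.
 * It is shown for contrast and only ever called here with a short input. */
static void copy_unbounded(char *dst, const char *src, size_t n) {
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Hardened copy: refuses anything that does not fit together with its NUL. */
static int copy_bounded(char *dst, size_t cap, const char *src, size_t n) {
    if (n >= cap) return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Walks "k=v&k2=v2..." once. Empty segments produced by doubled, leading or
 * trailing '&' are skipped. A key or value that would not fit its buffer is
 * counted in *rejected instead of being copied. Returns accepted pairs. */
int parse_query(const char *qs, int *rejected) {
    int pairs = 0;
    *rejected = 0;
    const char *p = qs;
    while (*p) {
        const char *amp = strchr(p, '&');
        size_t seg = amp ? (size_t)(amp - p) : strlen(p);
        const char *next = amp ? amp + 1 : p + seg;
        if (seg == 0) { p = next; continue; }        /* "&&": nothing here */

        const char *eq = memchr(p, '=', seg);
        size_t klen = eq ? (size_t)(eq - p) : seg;
        const char *vstart = eq ? eq + 1 : p + seg;
        size_t vlen = eq ? seg - klen - 1 : 0;

        char key[KEY_MAX], val[VAL_MAX];
        if (copy_bounded(key, sizeof key, p, klen) < 0 ||
            copy_bounded(val, sizeof val, vstart, vlen) < 0)
            (*rejected)++;
        else
            pairs++;
        p = next;
    }
    return pairs;
}

/* Convenience wrappers so each result can be checked independently. */
int count_pairs(const char *qs)    { int r; return parse_query(qs, &r); }
int count_rejected(const char *qs) { int r; parse_query(qs, &r); return r; }

int main(void) {
    char buf[VAL_MAX];
    copy_unbounded(buf, "short", 5);     /* safe only because 5 < VAL_MAX */
    int rej;
    int ok = parse_query("a=1&&b=2&", &rej);
    printf("accepted=%d rejected=%d (%s)\n", ok, rej, buf);
    return 0;
}
```

The design point is that the parser decides what fits before any byte is written: a value of 80 bytes against a 64-byte buffer is counted as rejected and the request can be refused, whereas the unbounded copy would have already clobbered the stack.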
OSV
added 2024/10/03 11:53 a.m. | 3 views

USN-7054-1 unzip vulnerability

It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary co...

CVSS: 3.3 | AI score: 7.2 | EPSS: 0.0057
Exploits: 1 | References: 2
CNNVD
added 2024/09/25 12:00 a.m. | 2 views

Apache Linkis encryption issue vulnerability

Apache Linkis is a middleware product from the Apache Foundation that establishes an efficient connection between upper-tier applications and the underlying data engine. An encryption issue vulnerability exists in Apache Linkis version 1.5.0 and prior versions, which stems from the use of Commons...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.0054
Exploits: 0 | References: 2
RedHat Linux
added 2024/09/24 12:40 a.m. | 3 views

kernel: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers

A vulnerability was found in the Linux kernel in the cs_dsp firmware code involving the V2 algorithm headers and the wmfw V2 format, which introduced variable-length strings into the algorithm block header. This means the overall header length is variable and without proper checks can result in an...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00274
Exploits: 0 | References: 5
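The parsing hazard this entry describes (a header whose total length is only known after reading its variable-length strings) as an added example in C. This is not the kernel's cs_dsp code, and the block layout used here (u16 name_len, name bytes, u16 desc_len, desc bytes, u32 alg_id, all little-endian) is an assumption made for the example, not the real wmfw V2 format; the two sample blocks are constructed. Every length is compared with the bytes still available before the cursor advances, which is exactly the check whose absence lets a hostile length run the reader past the buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example, not the kernel's cs_dsp parser and not the real wmfw V2
 * layout. The assumed algorithm block header is:
 *   u16 name_len | name bytes | u16 desc_len | desc bytes | u32 alg_id
 * (little-endian). Because the two strings are variable-length, the header's
 * total size is only known as it is read, so each length must be compared
 * with the bytes still available before the cursor moves. */

typedef struct {
    const uint8_t *name; size_t name_len;
    const uint8_t *desc; size_t desc_len;
    uint32_t alg_id;
    size_t header_len;          /* bytes the header actually occupied */
} v2_alg_header;

/* Reads a little-endian u16 at *off if 2 bytes remain; advances *off. */
static int rd_u16(const uint8_t *p, size_t avail, size_t *off, uint16_t *v) {
    if (*off > avail || avail - *off < 2) return -1;
    *v = (uint16_t)(p[*off] | ((uint16_t)p[*off + 1] << 8));
    *off += 2;
    return 0;
}

/* Reads a little-endian u32 at *off if 4 bytes remain; advances *off. */
static int rd_u32(const uint8_t *p, size_t avail, size_t *off, uint32_t *v) {
    if (*off > avail || avail - *off < 4) return -1;
    *v = (uint32_t)p[*off] | ((uint32_t)p[*off + 1] << 8) |
         ((uint32_t)p[*off + 2] << 16) | ((uint32_t)p[*off + 3] << 24);
    *off += 4;
    return 0;
}

/* Claims a string of len bytes at *off if it fits; advances *off.
 * The comparison against the remaining bytes is the bound a buggy
 * variable-length header parser omits. */
static int rd_str(const uint8_t *p, size_t avail, size_t *off,
                  size_t len, const uint8_t **out) {
    if (*off > avail || avail - *off < len) return -1;
    *out = p + *off;
    *off += len;
    return 0;
}

/* Returns 0 and fills *h, or -1 if any field would run past blk_len. */
int parse_v2_alg_header(const uint8_t *blk, size_t blk_len, v2_alg_header *h) {
    size_t off = 0;
    uint16_t nlen, dlen;
    if (rd_u16(blk, blk_len, &off, &nlen) < 0) return -1;
    if (rd_str(blk, blk_len, &off, nlen, &h->name) < 0) return -1;
    h->name_len = nlen;
    if (rd_u16(blk, blk_len, &off, &dlen) < 0) return -1;
    if (rd_str(blk, blk_len, &off, dlen, &h->desc) < 0) return -1;
    h->desc_len = dlen;
    if (rd_u32(blk, blk_len, &off, &h->alg_id) < 0) return -1;
    h->header_len = off;
    return 0;
}

/* Constructed well-formed block: name "ALG1", desc "hi", alg_id 0x12345678. */
static const uint8_t good_blk[] = {
    0x04, 0x00, 'A', 'L', 'G', '1',
    0x02, 0x00, 'h', 'i',
    0x78, 0x56, 0x34, 0x12,
};

/* Constructed hostile block: name_len claims 0xFFFF bytes but only 4 follow. */
static const uint8_t bad_blk[] = { 0xFF, 0xFF, 'A', 'L', 'G', '1' };

uint32_t demo_good_alg_id(void) {
    v2_alg_header h;
    return parse_v2_alg_header(good_blk, sizeof good_blk, &h) == 0 ? h.alg_id : 0;
}
size_t demo_good_header_len(void) {
    v2_alg_header h;
    return parse_v2_alg_header(good_blk, sizeof good_blk, &h) == 0 ? h.header_len : 0;
}
int demo_bad_result(void) {
    v2_alg_header h;
    return parse_v2_alg_header(bad_blk, sizeof bad_blk, &h);   /* -1 */
}
```

The well-formed block parses to a 14-byte header; the hostile block is rejected at the first string because 0xFFFF exceeds the 4 bytes that remain, so the algorithm-id read that would follow the overrun never happens.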
OSSF Malicious Packages
added 2024/09/19 1:42 a.m. | 3 views

Malicious code in ibm-strings (npm)

Source: ghsa-malware 9d299d0b8d9bf7cc9c318e385566c4f1c9c972374224f38ac12d8fb90612dbdb. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 3
OSV
added 2024/09/19 1:42 a.m. | 9 views

MAL-2024-8917 Malicious code in ibm-strings (npm)

Source: ghsa-malware 9d299d0b8d9bf7cc9c318e385566c4f1c9c972374224f38ac12d8fb90612dbdb. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 3
OSV
added 2024/09/17 7:43 a.m. | 19 views

SUSE-SU-2024:3267-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus: - Security issues fixed: CVE-2024-6104: Update go-retryablehttp to version 0.7.7 bsc1227038 CVE-2023-45142: Updated otelhttp to version 0.46.1 bsc1228556 - Require Go 1.20 for building - Migrate from disabled to manual...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.01364
Exploits: 0 | References: 27
OSV
added 2024/09/17 7:42 a.m. | 21 views

SUSE-SU-2024:3266-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus: - Security issues fixed: CVE-2024-6104: Update go-retryablehttp to version 0.7.7 bsc1227038 CVE-2023-45142: Updated otelhttp to version 0.46.1 bsc1228556 - Require Go 1.20 for building - Migrate from disabled to manual...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.01364
Exploits: 0 | References: 27
OSV
added 2024/09/13 9:15 a.m. | 4 views

CVE-2024-6656

Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13...

CVSS: 9.8 | AI score: 5.8
Exploits: 0 | References: 1
ATTACKERKB
added 2024/09/13 9:15 a.m. | 2 views

CVE-2024-6656

Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00421
Exploits: 0 | References: 3
NVD
added 2024/09/13 9:15 a.m. | 25 views

CVE-2024-6656

Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13...

CVSS: 9.8 | EPSS: 0.00421
Exploits: 0 | References: 2
CVE
added 2024/09/13 8:44 a.m. | 45 views

CVE-2024-6656

The CVE-2024-6656 issue affects TNB Mobile Solutions Cockpit Software prior to v2.13, where hard-coded credentials enable reading sensitive strings within an executable. Public descriptions (NVD/Red Hat/CNNVD) align on the flaw and affected version range; CVSS metrics indicate high/critical impac...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00421
Exploits: 0 | References: 2 | Affected software: 1
Cvelist
added 2024/09/13 8:44 a.m. | 23 views

CVE-2024-6656 Hardcoded Credentials in TNB Mobile Solutions' Cockpit Software

Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13...

CVSS: 8.8 | EPSS: 0.00421
Exploits: 0 | References: 2
Positive Technologies
added 2024/09/13 12:00 a.m. | 3 views

PT-2024-37781 · Tnb Mobile Solutions · Tnb Mobile Solutions Cockpit

Name of the Vulnerable Software and Affected Versions: TNB Mobile Solutions Cockpit Software versions prior to v2.13 Description: The issue is related to the use of hard-coded credentials in TNB Mobile Solutions Cockpit Software, allowing unauthorized access to read sensitive strings within an...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.00421
Exploits: 0 | References: 8
Positive Technologies
added 2024/09/08 12:00 a.m. | 3 views

PT-2024-40949 · Anstream · Anstream

Name of the Vulnerable Software and Affected Versions: anstream affected versions not specified Description: The issue arises when the function in anstream's adapter/strip.rs is given a valid UTF8 string containing non-printable bytes, such as "öx1b😀". The function incorrectly segments the UTF8...

AI score: 6.9
Exploits: 0 | References: 4
OSV
added 2024/09/06 11:09 a.m. | 2 views

OESA-2024-2094 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.70561
Exploits: 2 | References: 3
OSV
added 2024/09/06 11:09 a.m. | 2 views

OESA-2024-2093 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.70561
Exploits: 2 | References: 3
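For both edk2 entries above (OESA-2024-2094 and OESA-2024-2093), the ASN.1 string representation they describe, as an added example in C: a data pointer plus an explicit length field, with no guarantee of a NUL after the last byte. This is not OpenSSL or EDK II code; the struct name, the functions and the sample bytes are constructed for illustration. It contrasts a consumer that trusts a terminator (strlen) with one that honours the length field, and shows the printf "%.*s" idiom that does the same.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example, not OpenSSL code. It models the ASN1_STRING representation
 * the advisories describe: a data pointer plus an explicit length, with no
 * guarantee that the byte after data[length-1] is a NUL. Code that treats
 * data as a C string (strlen, "%s") reads past the end; code that honours
 * the length field does not. */
typedef struct {
    unsigned char *data;
    int length;             /* bytes of string data, NUL not included */
} asn1_like_string;

/* Unsafe consumer: ignores length and trusts a terminator. Called here only
 * on a buffer that does have a NUL somewhere later, so the read stays in
 * bounds for the demo; on a real parsed value the NUL may not exist at all. */
size_t length_via_strlen(const asn1_like_string *s) {
    return strlen((const char *)s->data);
}

/* Safe consumer: copies exactly s->length bytes and terminates the copy.
 * Returns bytes copied, or -1 if the value (plus NUL) does not fit. */
int copy_asn1_string(const asn1_like_string *s, char *out, size_t cap) {
    if (s->length < 0 || (size_t)s->length >= cap) return -1;
    memcpy(out, s->data, (size_t)s->length);
    out[s->length] = '\0';
    return s->length;
}

/* Constructed sample: the 5-byte value "hello" is immediately followed by
 * non-NUL bytes, as it would be when it sits inside a larger DER buffer. */
static unsigned char sample_buf[] = {'h','e','l','l','o','J','U','N','K','\0'};
static const asn1_like_string sample = { sample_buf, 5 };

/* Bytes strlen() reads beyond the declared length: 9 - 5 = 4. */
int demo_overread_bytes(void) {
    return (int)length_via_strlen(&sample) - sample.length;
}

/* The length-honouring copy yields exactly "hello". */
int demo_safe_copy_matches(void) {
    char out[16];
    if (copy_asn1_string(&sample, out, sizeof out) != 5) return 0;
    return strcmp(out, "hello") == 0;
}

/* A buffer that is too small is refused instead of overflowed. */
int demo_refuse_small_buffer(void) {
    char out[4];
    return copy_asn1_string(&sample, out, sizeof out);   /* -1 */
}

int main(void) {
    /* "%.*s" is the printf idiom that respects an explicit length. */
    printf("value: %.*s (declared length %d)\n",
           sample.length, (const char *)sample.data, sample.length);
    return 0;
}
```

In the sample the terminator-trusting path reports 9 bytes for a 5-byte value, the over-read the advisories describe; the length-honouring copy and the "%.*s" print both stop at 5.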
Packet Storm
added 2024/08/31 12:00 a.m. | 275 views

BIND TKEY Query Denial of Service

Metasploit module (requires Metasploit: https://metasploit.com/download; current source: https://github.com/rapid7/metasploit-framework). Name: 'BIND TKEY Query Denial of Service'. Description: This module sends a malformed TKEY query, which exploits an error in handling TKEY queries...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.90945
Exploits: 12