PT-2024-18938 · Npm · Node-Stringbuilder

Name of the Vulnerable Software and Affected Versions: node-stringbuilder versions all Description: The issue arises from incorrect memory length calculation in the node-stringbuilder package, leading to an Out-of-bounds Read. This occurs when methods such as ToBuffer, ToString, or CharAt are...

CVE-2024-39614

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. getsupportedlanguagevariant was subject to a potential denial-of-service attack when used with very long strings containing specific characters...

UBUNTU-CVE-2024-39614

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. getsupportedlanguagevariant was subject to a potential denial-of-service attack when used with very long strings containing specific characters...

PYSEC-2024-60

A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...

The vulnerability of the microprogrammed software in the industrial cellular LTE modem OnCell G3470A-LTE arises from the use of uncontrolled format strings when processing binary files. This allows a hacker to trigger a service failure.

The vulnerability of the microprogrammed software in the industrial cellular LTE modem OnCell G3470A-LTE is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...

Artifex Ghostscript Formatting String Error Vulnerability

Artifex Ghostscript is a free software package from Artifex, Inc. based on Adobe, PostScript, and the Portable Document Format page description language. A security vulnerability exists in Artifex Ghostscript prior to version 10.03.1 that exploits a memory corruption and SAFER sandbox bypass that...

GHSA-32JF-H775-G29H MongoDB Rust driver may issue unintended commands

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...

Authentication Bypass

TYPO3 is vulnerable to Authentication Bypass. The vulnerability is due to the default authentication service failing to invalidate empty strings as passwords...

PT-2024-4814 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue is related to the disclosure of information through a query string, potentially allowing a remote attacker to gain unauthorized access to protected information. This could ...

USN-5615-3: SQLite vulnerability

USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. Original advisory details: It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash...

PT-2024-27173 · Teldats · Teldat M1

Name of the Vulnerable Software and Affected Versions: Teldat M1 version 11.00.05.50.01 Description: The issue is related to incorrect access control, allowing attackers to obtain sensitive information by using a crafted query string. Recommendations: For Teldat M1 version 11.00.05.50.01, conside...

CVE-2024-6300

CVE-2024-6300 affects Conduit. Description and multiple connected sources confirm an incomplete cleanup during redactions, enabling an attacker to check whether certain strings were present in a PDU before redaction. Reported in multiple CVE feeds and vendor advisories; some references note histo...

PT-2024-37522 · Conduit · Conduit

Name of the Vulnerable Software and Affected Versions: Conduit affected versions not specified Description: The issue is related to incomplete cleanup when performing redactions in Conduit. This allows an attacker to determine whether certain strings were present in the PDU before redaction...

PT-2024-4557 · Moxa · Oncell G3470A-Lte Series

Name of the Vulnerable Software and Affected Versions: OnCell G3470A-LTE Series firmware versions v1.7.7 and prior Description: The issue is related to the use of uncontrolled format strings, which can be exploited by a remote attacker to cause a denial of service. An attacker could modify an...

CVE-2024-29510

A flaw in Ghostscript has been identified where the uniprint device allows users to pass various string fragments as device options. These strings, particularly upWriteComponentCommands and upYMoveCommand, are treated as format strings for gpfprintf and gssnprintf. This lack of restriction permit...

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA...

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service ReDoS...

ruby: Arbitrary memory address read vulnerability with Regex search

A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...

psf/black: ReDoS via the lines_with_leading_tabs_expanded() function in strings.py file

The python-black package is susceptible to a regular expression denial of service ReDoS vulnerability, found in the lineswithleadingtabsexpanded function within the strings.py file. This vulnerability could be exploited by running Black on untrusted input or by inserting numerous leading tab...

CLSA-2024-1717692967 libxml2: Fix of 2 CVEs

CVE-2023-29469: dict.c: fix non-deterministic hashing of empty dict strings - CVE-2023-28484: fix NULL pointer dereferences in xmlSchemaFixupComplexType and xmlSchemaCheckCOSSTDerivedOK...