CVE-2023-52845

In the Linux kernel, the following vulnerability has been resolved: tipc: Change nlapolicy for bearer-related names to NLANULSTRING syzbot reported the following uninit-value access issue 1: ===================================================== BUG: KMSAN: uninit-value in strlen lib/string.c:418...

CVE-2024-0816

The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50ABVY.4C0 could allow an authenticated local attacker to cause denial of service DoS conditions by executing the CLI command with crafted strings on an affected device...

CVE-2024-0816

The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50ABVY.4C0 could allow an authenticated local attacker to cause denial of service DoS conditions by executing the CLI command with crafted strings on an affected device...

OESA-2024-1611 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the...

The vulnerability of the Apache Maven framework, related to improper encoding or output filtering, allows attackers to execute injection attacks through command-line interfaces.

The vulnerability of the Apache Maven framework is related to the generation of strings in double quotes without proper encapsulation. Exploiting this vulnerability allows an attacker to perform injection attacks through the command shell...

CVE-2024-33577

A vulnerability has been identified in Simcenter Femap All versions V2406. The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an attacker to execute code in the context of the current...

ALPINE-CVE-2024-27282

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...

PT-2024-3560

Name of the Vulnerable Software and Affected Versions FortiProxy versions 1.1.0 through 1.2.13 FortiProxy versions 2.0.0 through 2.0.13 FortiProxy versions 7.0.0 through 7.2.5 FortiPAM versions 1.0.0 through 1.1.0 FortiOS versions 6.2.0 through 7.4.0 FortiSwitchManager versions 7.0.0 through 7.2....

RHEL 7 : unzip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - unzip: Heap-based buffer overflow in fileio.c:UzpPassword function allows code execution CVE-2018-1000035...

glibc: netgroup cache assumes NSS callback uses in-buffer strings

A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash...

CVE-2024-27282

CVE-2024-27282 affects Ruby 3.x through 3.3.0: attacker-supplied data in the Ruby regex compiler may read arbitrary heap data from the start of the text, including pointers and sensitive strings. Fixed versions: 3.0.7, 3.1.5, 3.2.4, and 3.3.1. Multiple connected advisories reference this CVE and ...

CVE-2024-33602

...

DEBIAN-CVE-2024-33602

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerabili...

CVE-2024-33602

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerabili...

AZL-40319 CVE-2024-33602 affecting package glibc for versions less than 2.35-7

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerabili...

CVE-2024-33602 nscd: netgroup cache assumes NSS callback uses in-buffer strings

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerabili...

Integer Overflow

uriparser is vulnerable to an Integer overflow. The vulnerability is due to insufficient input validation in ComposeQueryMallocExMm within UriQuery.c , which allows attackers to cause a Denial of service via long crafted strings...

SUSE CVE-2024-34403

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string...

AZL-43228 CVE-2024-34403 affecting package uriparser 0.9.7-2

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string...

AZL-40055 CVE-2024-2757 affecting package php for versions less than 8.3.6-1

In PHP 8.3. before 8.3.5, function mbencodemimeheader runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function...