3357 matches found
moment: inefficient parsing algorithm resulting in DoS
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks...
SQL Injection
sequelize is vulnerable to SQL Injection. The vulnerability exists because the library does not properly escape the query strings in the replacement parameter used in the where clause, allowing an attacker to inject and execute malicious SQL queries...
PT-2023-12727 · Litedb · Litedb
Name of the Vulnerable Software and Affected Versions: LiteDB versions prior to 5.0.13. Description: The issue concerns the deserialization of untrusted data in LiteDB, a .NET NoSQL embedded database. When instances of an object are not the same class, BsonMapper uses a special field type string...
CLSA-2023-1677095961 git: Fix of 6 CVEs
CVE-2022-41903: fix out-of-bounds write caused by integer overflow - CVE-2021-40330: forbid newlines in host and path - CVE-2022-39260: reject too long command line strings - CVE-2021-23521: implement size checks for .gitattributes - CVE-2023-22490: prevent arbitrary path exfiltration when using...
K34508112: Pango vulnerability CVE-2019-1010238
Security Advisory Description: Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vecto...
c-ares input validation error vulnerability
c-ares is a C library for asynchronous DNS requests from the individual developer of c-ares. A security vulnerability exists in c-ares that stems from a lack of checking the validity of input strings, which could be exploited by an attacker to cause a denial of service due to an arbitrarily long...
SUSE CVE-2006-0410
SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings...
SUSE CVE-2006-1905
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file...
SUSE CVE-2006-2453
Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480...
SUSE CVE-2006-3600
Multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp (TunePimp) 0.4.2 allow remote user-assisted attackers to cause a denial of service (application crash) and possibly execute code via a long (1) Album release date (MBE_ReleaseGetDate), (2) data, or (3) error strings...
SUSE CVE-2006-4980
Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts...
SUSE CVE-2007-3388
Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifier...
SUSE CVE-2007-4783
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a...
SUSE CVE-2009-1633
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or ...
SUSE CVE-2010-0547
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string...
SUSE CVE-2010-3840
The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points...
SUSE CVE-2011-1003
Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained fro...
SUSE CVE-2011-2724
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string...
SUSE CVE-2012-1618
Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to...