
25 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2011-4527

Malware in sbrugna...

CVSS 5 | AI score 6 | EPSS 0.01165
Exploits 1 | References 12

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2010-1302

Malware in sbrugna...

CVSS 9.3 | AI score 6.4 | EPSS 0.00395
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2011-4525

Malware in sbrugna...

CVSS 5 | AI score 6 | EPSS 0.0379
Exploits 1 | References 18

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-0886

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 8.9 | EPSS 0.00578
Exploits 0 | References 11

Amazon
added 2025/04/14 12:0 a.m. | 4 views

Important: ghostscript

Issue Overview: PDF interpreter - Guard against unsigned int overflow. A large Type 4 function definition can overflow the uint counter, causing the allocated buffer to be smaller than required. Info: https://bugs.ghostscript.com/showbug.cgi?id=708253 Patch:...

CVSS 9.8 | AI score 7.2 | EPSS 0.00176
Exploits 0

OSV
added 2024/01/13 12:0 p.m. | 8 views

RUSTSEC-2024-0001 Unsound use of str::from_utf8_unchecked on bytes which are not UTF-8

Affected versions receive a &[u8] from the caller through a safe API, and pass it directly to the unsafe str::from_utf8_unchecked function. The behavior of ferris_says::say is undefined if the bytes from the caller don't happen to be valid UTF-8. The flaw was corrected in ferris-says#21 by using the sa...

AI score 7
Exploits 0 | References 3

Vulnrichment
added 2023/03/28 8:17 p.m. | 4 views

CVE-2023-28631 Attacker controlled data in AST nodes is not validated in comrak

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in Rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parse_document. This AST can then be converted to HTML via html::format_document_with_plugins. However, the HTML...

CVSS 5.3 | AI score 9.3 | EPSS 0.00578
Exploits 0 | References 5

OSV
added 2022/03/04 8:36 a.m. | 7 views

SUSE-SU-2022:14903-1 Security update for expat

This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model vi...

CVSS 9.8 | AI score 8.2 | EPSS 0.11027
Exploits 1 | References 11

OSV
added 2022/03/04 8:34 a.m. | 7 views

OPENSUSE-SU-2022:0713-1 Security update for expat

This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model vi...

CVSS 9.8 | AI score 8.2 | EPSS 0.11027
Exploits 1 | References 11

OPENSUSE Linux
added 2022/03/04 12:0 a.m. | 52 views

Security update for expat (important)

openSUSE Security Update: Security update for expat Announcement ID: openSUSE-SU-2022:0713-1 Rating: important References: 1196025 1196026 1196168 1196169 1196171 Cross-References: CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVSS scores: CVE-2022-25235 NVD : 9.8...

CVSS 8.8 | AI score 9.5 | EPSS 0.11027
Exploits 1 | References 5

OpenVAS
added 2021/06/09 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2018:3966-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8.9 | EPSS 0.00413
Exploits 1 | References 4

Tenable Nessus
added 2018/12/04 12:0 a.m. | 32 views

SUSE SLES11 Security Update : glib2 (SUSE-SU-2018:3966-1)

This update for glib2 fixes the following issues : Security issues fixed : CVE-2018-16429: Fixed out-of-bounds read vulnerability in g_markup_parse_context_parse (bsc#1107116). Fixing potentially exploitable bugs in UTF-8 validation in Variant and DBUS message parsing (bsc#1111499). Note that Tenable Networ...

CVSS 7.5 | AI score 6.8 | EPSS 0.00413
Exploits 1 | References 5

OSV
added 2018/12/03 2:37 p.m. | 6 views

SUSE-SU-2018:3966-1 Security update for glib2

This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16429: Fixed out-of-bounds read vulnerability in g_markup_parse_context_parse (bsc#1107116). - Fixing potentially exploitable bugs in UTF-8 validation in Variant and DBUS message parsing (bsc#1111499)...

CVSS 7.5 | AI score 8.6 | EPSS 0.00413
Exploits 1 | References 4

OpenVAS
added 2016/01/05 12:0 a.m. | 29 views

HTTP File Server Remote Command Execution Vulnerability-01 (Jan 2016)

HTTP File Server is prone to a remote command execution (RCE) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5 | AI score 6.8 | EPSS 0.06987
Exploits 5 | References 2

OSV
added 2015/09/08 5:55 p.m. | 6 views

MGASA-2015-0349 Updated libidn packages fix CVE-2015-2059

Updated libidn packages fix security vulnerability: In libidn before 1.31, stringprep_utf8_to_ucs4 did not validate that the input UTF-8 string was actually valid UTF-8, which could lead to out-of-bounds reads (CVE-2015-2059)...

CVSS 7.5 | AI score 8.3 | EPSS 0.00827
Exploits 0 | References 6

Cvelist
added 2015/08/12 2:0 p.m. | 16 views

CVE-2015-2058

c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID...

AI score 6.6 | EPSS 0.00563
Exploits 0 | References 4

CVE
added 2014/02/06 3:0 p.m. | 57 views

CVE-2012-6152

CVE-2012-6152 affects Pidgin’s Yahoo! protocol plugin (libpurple) before 2.10.8. The vulnerability arises from improper validation of UTF-8 data, enabling a remote attacker to crash the application (DoS) via crafted byte sequences. Affected: Pidgin/libpurple up to version 2.10.7.x; remediator: up...

CVSS 5 | AI score 6.3 | EPSS 0.01147
Exploits 0 | References 6 | Affected Software 1

UbuntuCve
added 2014/02/05 12:0 a.m. | 33 views

CVE-2012-6152

The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences...

CVSS 5 | AI score 5.9 | EPSS 0.01147
Exploits 0 | References 3

OSV
added 2011/12/25 1:55 a.m. | 4 views

CVE-2011-4601

family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition...

AI score 6.4
Exploits 0 | References 13

Prion
added 2011/12/25 1:55 a.m. | 22 views

Design/Logic Flaw

family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition...

CVSS 5 | AI score 6.9 | EPSS 0.0379
Exploits 1 | References 13 | Affected Software 1