| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
|
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
|
| An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. |
| In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data. |
| In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. |
| An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. |
| The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file. |
| An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service. |
| The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file. |
| Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. |
| Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb. |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference lies in that "sslfactory" and related parameters need to be triggered after establishing the connection. Other similar parameters include "sslhostnameverifier", "sslpasswordcallback", and "authenticationPluginClassName". This issue has been patched in 2.10.11. |
| Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.
The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI
differs from the common browsers in how it handles a URI that would be
considered invalid if fully validated against the RRC. Specifically HttpURI
and the browser may differ on the value of the host extracted from an
invalid URI and thus a combination of Jetty and a vulnerable browser may
be vulnerable to a open redirect attack or to a SSRF attack if the URI
is used after passing validation checks. |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11. |
| Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. |
| Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. |
| A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. |
| Null pointer dereference vulnerability in the PDF preview module
Impact: Successful exploitation of this vulnerability may affect function stability. |
| Null pointer dereference vulnerability in the PDF preview module
Impact: Successful exploitation of this vulnerability may affect function stability. |