Threats Tagged 'cwe-1284'

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead of in fixed-size chunks. This vulnerability is fixed in 0.0.31.

CVE-2026-49110 is a high severity vulnerability in WP Swings Upsell Order Bump Offer for WooCommerce versions up to and including 3.1.4. It involves improper validation of specified quantity in input, leading to unauthenticated broken authentication. This flaw allows an attacker to impact the integrity of the system without requiring user interaction or privileges.

CVE-2026-45441 is a high-severity vulnerability in Magepeople inc.'s WpEvently plugin affecting versions up to and including 5.3.3. It involves improper validation of specified quantity in input, classified under CWE-1284. The vulnerability can be exploited without authentication and does not impact confidentiality or availability but can cause a high integrity impact. No official patch or remediation guidance is currently available from the vendor.

Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 versions.

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.

A vulnerability in libnfs versions up to and including 6.0.2 allows improper validation of string size, causing an integer overflow during connection to a crafted NFS server. This occurs in the libnfs_zdr_string function. The issue can lead to high impact on confidentiality and integrity, with low impact on availability.

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4.

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses.