8.1
CVE-2023-5404 -
Server receiving a malformed message can cause a pointer to be overwritten, which can result in remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
8.1
CVE-2023-5403 -
Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
8.1
CVE-2023-5401 -
Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
8.1
CVE-2023-5400 -
Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
5.9
CVE-2023-5398 -
Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versioning.
8.1
CVE-2023-5397 -
Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
7.4
CVE-2023-5396 -
Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
8.1
CVE-2023-5395 -
Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
7.1
CVE-2024-32463 - phlex makes Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes o…
phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The filter to detect and prevent the use of the `javascript:` URL scheme in the `href` attribute of an…
7.5
CVE-2024-30253 - Handling untrusted input can result in a crash, leading to loss of availability / denial of service
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in…