GHSA-XH29-R2W5-WX8M Nokogiri Improperly Handles Unexpected Data Type
Summary Nokogiri = 1.13.6. JRuby users are not affected. Workarounds To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling to_s or equivalent. Credit This vulnerability was responsibly reported by @agustingianni and the GitHub Security Lab...
CVE-2022-29181
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...
CVE-2022-29181 Improper Handling of Unexpected Data Type in Nokogiri
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...
python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c
A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker unauthorized memory access that causes memory access errors, incorrect results, or crashes...
SUSE: Security Advisory (SUSE-SU-2016:0049-1)
The remote host is missing an update for the...
CVE-2021-26930
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later...
Input validation
There is an improper input validation vulnerability in some Huawei smartphones. Successful exploitation of this vulnerability can cause memory access errors and denial of service...
CVE-2020-9139
CVE-2020-9139 affects Huawei smartphones via an improper input validation vulnerability in the device’s input handling. The root cause is input validation failure, allowing memory access errors and a denial-of-service condition. The available documents consistently describe impact as memory corru...
CVE-2020-9139
There is an improper input validation vulnerability in some Huawei smartphones. Successful exploitation of this vulnerability can cause memory access errors and denial of service...
Denial of Service Vulnerability in Mitsubishi Electric Corporation GX Works2
GX Works2 is a PLC programming software developed by Mitsubishi Electric Automation Co., Ltd. for PLC design, debugging, maintenance and other work, which is widely used in electric power, machinery manufacturing, iron and steel, petroleum, chemical and other industrial control fields. A denial of...
Denial of Service Vulnerability in GX Works2 (CNVD-2020-32342)
GX Works2 is a PLC programming software. A denial of service vulnerability exists in GX Works2. An attacker could cause a denial of service by sending constructed malicious packets that cause it to experience an illegal memory access resulting in a denial of service, or could potentially execute...
Provisioning Services 7.X: Target Devices Fail To Boot With Error "No servers available for disk"
When we start the Target Device, we notice the following error on the device during the boot process: "No servers available for disk". We also notice Database Access errors for certain functions in the Event Viewer of the PVS Server...
Denial of Service Vulnerability in MXProgrammer Software
MXProgrammer is Windows desktop software from Weihai Mack Electric Technology Co., Ltd., used to communicate with its MX series PLC products and to write and download programs. A denial of service vulnerability exists in the MXProgrammer software. The...
The vulnerability of the Internet Explorer browser allows a malicious actor to execute arbitrary code with privileges of the current user.
The Internet Explorer browser contains a vulnerability related to errors that occur due to incorrect access to objects in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code with privileges of the current user...