Lucene search

1270 matches found

vulnersOsv
added 2025/03/20 10:48 a.m. · 1 view

adclaw (>=1.0.0 <=1.0.29), agentjet (=0.0.1) +27 more potentially affected by CVE-2024-8489 via agentscope (>=0.1.0 <=2.0.0)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =0.2.0, =0.4.0, =0.4.1 and more Source cves: CVE-2024-8489 Source advisory: SNYK:PYTHON-AGENTSCOPE-9599695...

8.8 CVSS · 7.6 AI score · 0.00207 EPSS
Exploits 0
BDU FSTEC
added 2025/03/13 12:0 a.m. · 2 views

The vulnerability of the FileUtil.extract() function in the library for creating, deploying, and executing MLeap machine learning models allows a hacker to execute arbitrary code.

The vulnerability of the FileUtil.extract function in the library responsible for creating, deploying, and executing MLeap machine learning models is related to an incorrect restriction on the path to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to...

10 CVSS · 8.4 AI score · 0.01186 EPSS
Exploits 1 · References 3 · Affected Software 1
SUSE Linux
added 2025/02/28 4:30 p.m. · 1 view

Security update for tiff

This update for tiff fixes the following issues: CVE-2023-25435: Heap-buffer-overflow in extractContigSamplesShifted8bits in tiffcrop.c bsc1212607. CVE-2023-52356: Segment fault in libtiff in TIFFReadRGBATileExt leading to denial of service bsc1219213. Other bugfixes: Fixed tiff build issue on...

6.1 CVSS · 7.5 AI score · 0.02187 EPSS
Exploits 1 · References 10
OSV
added 2025/02/27 3:15 a.m. · 1 view

DEBIAN-CVE-2025-21754

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort If while we are doing a direct IO write a transaction abort happens, we mark all existing ordered extents with the BTRFSORDEREDIOERR flag done at...

5.5 CVSS · 5.7 AI score · 0.00213 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2025/02/19 12:0 a.m. · 3 views

The vulnerability in the function PLT_FileMediaServerDelegate::ExtractResourcePath() of the file PltHttpServer.cpp in the software development library Platinum UPnP SDK allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the PLTFileMediaServerDelegate::ExtractResourcePath function in the pltHttpServer.cpp file of the software development library, Platinum UPnP SDK, is related to an incorrect limitation on the path name for directories with restricted access. Exploiting this vulnerability coul...

7.8 CVSS · 6.2 AI score · 0.01711 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2025/02/12 8:15 p.m. · 2 views

CVE-2025-1225

A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml external entity...

5.3 CVSS · 4.8 AI score · 0.00352 EPSS
Exploits 1 · References 3
RedhatCVE
added 2025/02/05 6:39 a.m. · 2 views

CVE-2024-5792

The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belongto’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.8 CVSS · 7.3 AI score · 0.00454 EPSS
Exploits 0 · References 1
OSV
added 2025/01/28 12:14 a.m. · 4 views

OSV-2024-1427 Heap-buffer-overflow in extract_mediaip

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391975654 Crash type: Heap-buffer-overflow READ 1 Crash state: extractmediaip parsesdpsession parsemixedcontent...

7.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2025/01/28 12:0 a.m. · 2 views

PT-2025-5652 · Git +1 · Kamailio

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash involves the functions extract mediaip, parse sdp session, and parse mixed content. No...

7 AI score
Exploits 0 · References 2
OSV
added 2025/01/25 12:17 a.m. · 8 views

OSV-2024-1424 Heap-buffer-overflow in extract_candidate

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391689728 Crash type: Heap-buffer-overflow READ 8 Crash state: extractcandidate parsesdpsession parsemixedcontent...

7.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2025/01/25 12:0 a.m. · 2 views

PT-2025-5651 · Git +1 · Kamailio

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 8 crash has been reported. The crash occurs in the following functions: extract candidate, parse sdp session, and parse mixed...

7 AI score
Exploits 0 · References 2
CNNVD
added 2024/12/20 12:0 a.m. · 1 view

WordPress plugin استخراج محصولات ووکامرس برای آیسی cross-site scripting vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

6.1 CVSS · 7.6 AI score · 0.0035 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2024/12/16 12:0 a.m. · 1 view

The vulnerability of the UPDATES_ExtractFile function in the Visteon Infotainment automotive application platform allows a hacker to execute arbitrary code.

The vulnerability of the UPDATESExtractFile function in Visteon Infotainment’s automotive application platform exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows an attacker to execute arbitrary code in the basic operating system...

7.2 CVSS · 7.1 AI score · 0.00888 EPSS
Exploits 0 · References 4 · Affected Software 1
SUSE CVE
added 2024/12/14 3:58 a.m. · 1 view

SUSE CVE-2024-47546

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extractccfromdata function within qtdemux.c. In the FOURCCc708 case, the subtraction atomlength - 8 may result in an underflow if atomlength is less than 8. When that subtraction...

6.2 CVSS · 6.9 AI score · 0.01051 EPSS
Exploits 0 · References 8
EUVD
added 2024/12/11 12:0 a.m. · 3 views

EUVD-2024-3441

python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and ZipFile.extract...

8.8 CVSS · 6.3 AI score · 0.02001 EPSS
Exploits 1 · References 5
Cvelist
added 2024/12/11 12:0 a.m. · 19 views

CVE-2024-55587

python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and ZipFile.extract...

0.02001 EPSS
Exploits 1 · References 3
Vulnrichment
added 2024/12/11 12:0 a.m. · 8 views

CVE-2024-55587

python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and ZipFile.extract...

7 AI score · 0.02001 EPSS
Exploits 1 · References 3
CNNVD
added 2024/11/22 12:0 a.m. · 2 views

Visteon Infotainment operating system command injection vulnerability

Visteon Infotainment is an automotive infotainment system from Visteon Corporation. Visteon Infotainment suffers from an operating system command injection vulnerability that stems from an improper system call to the REFLASHDDUExtractFile function when handling a specially crafted software update...

6.8 CVSS · 7.5 AI score · 0.00888 EPSS
Exploits 0 · References 1
CNNVD
added 2024/11/22 12:0 a.m. · 2 views

Visteon Infotainment operating system command injection vulnerability

Visteon Infotainment is an automotive infotainment system from Visteon Corporation. Visteon Infotainment suffers from an operating system command injection vulnerability that stems from an improper system call to the UPDATESExtractFile function when handling a specially crafted software update...

6.8 CVSS · 7.2 AI score · 0.00888 EPSS
Exploits 0 · References 1
CNNVD
added 2024/11/22 12:0 a.m. · 3 views

Allegra path traversal vulnerability

Allegra is a project management software for mid-sized organizations from Allegra. Allegra suffers from a path traversal vulnerability that stems from the extarctZippedFile feature containing a directory traversal remote code execution vulnerability...

7.2 CVSS · 7.6 AI score · 0.0179 EPSS
Exploits 0 · References 2