1270 matches found
OSV-2024-1332 Negative-size-param in extract_mr_data
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=379768247 Crash type: Negative-size-param Crash state: extractmrdata parsemrstring readstatparsesav...
PT-2024-10699 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to an incorrect bounds check in the sdpu extract attr seq function of sdp utils.cc, which could lead to a possible out of bounds...
adclaw (>=1.0.0 <=1.0.29), agentjet (=0.0.1) +27 more potentially affected by CVE-2024-48050 via agentscope (>=0.1.0 <=2.0.0)
agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =0.2.0, =0.4.0, =0.4.1 and more Source cves: CVE-2024-48050 Source advisory: SNYK:PYTHON-AGENTSCOPE-8344260...
OSV-2024-1249 Heap-buffer-overflow in extract_ice_option
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376100377 Crash type: Heap-buffer-overflow READ 1 Crash state: extracticeoption parsesdpsession parsesdp...
PT-2024-40618 · Git +1 · Kamailio
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash occurs in the following functions: extract ice option, parse sdp session, and parse sdp...
PT-2024-40617 · Git +1 · Kamailio
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A heap-buffer-overflow READ 6 crash has been reported. The crash involves the functions extract fmtp, parse sdp session, and parse mixed content...
Linux kernel 竞争条件问题漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition between movenormalpmd and extractpagetables in the mremap function, which could lead to...
The vulnerability of the Pandoc format conversion library written in Haskell allows attackers to create or rewrite any files in the system.
The vulnerability of the Pandoc format conversion library written in Haskell is related to insufficient validation of input data. Exploiting this vulnerability allows attackers to create or overwrite arbitrary files in the system by using the --extract-media parameter or by exporting files in PDF...
The vulnerability of the Pandoc format conversion library written in Haskell allows attackers to create or rewrite any files in the system.
The vulnerability of the Pandoc format conversion library written in Haskell is related to insufficient validation of input data. Exploiting this vulnerability allows attackers to create or overwrite arbitrary files in the system by using the --extract-media parameter or by exporting files in PDF...
GO-2024-3196 Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory. in github.com/codeclysm/extract
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory. in github.com/codeclysm/extract...
ROS-20241015-01
Vulnerability in the Image Element Handler component of the Haskell library for conversion from markup formats Pandoc is related to the provision of a specially crafted image element as input when creating files using the --extract-media parameter or outputting to PDF. file creation using the...
GHSA-8RM2-93MQ-JQHC Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Impact A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. Patches Please use version 4.0.0 or later github.com/codeclysm/extract/v4. Any previous version is affected by the bug. Workarounds No knows workarounds. Backward compatibility...
CVE-2024-47877
Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4...
CVE-2024-47877 Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4...
CVE-2024-47877 Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4...
CVE-2024-47877
CVE-2024-47877 affects the Go library Extract (archives: zip, tar.gz, tar.bz2) where a malicious archive can create a symlink outside the extraction target directory. The issue is fixed in v4.0.0. If you use the Extractor.FS interface, upgrading to v4 requires implementing the new methods added. ...
PT-2024-40604 · Git +1 · Kamailio
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 6 crash occurred, involving the functions extract sendrecv mode, parse sdp session, and parse mixed content. Recommendations:...
CVE-2024-7206 Firmware extraction and Hardware SSL Pinning Bypass
SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware...
CVE-2024-7206 Firmware extraction and Hardware SSL Pinning Bypass
SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware...
OSV-2024-1150 Heap-buffer-overflow in extract_mr_data
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=369236552 Crash type: Heap-buffer-overflow READ Crash state: extractmrdata parsemrstring readstatparsesav...