
5606 matches found

OSV
added 2023/10/21 12:15 a.m. · 2 views

DEBIAN-CVE-2023-45661

stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbi__gif_load_next. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory...

7.1 CVSS · 6.8 AI score · 0.00574 EPSS
Exploits 0 · References 1
OSV
added 2023/10/21 12:15 a.m. · 2 views

UBUNTU-CVE-2023-45661

stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbi__gif_load_next. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory...

7.1 CVSS · 5.9 AI score · 0.00574 EPSS
Exploits 0 · References 5
OSV
added 2023/10/21 12:15 a.m. · 2 views

UBUNTU-CVE-2023-45664

stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger stbi__load_gif_main_outofmem attempt to double-free the out variable. This happens in stbi__load_gif_main because when the layers * stride value is zero the behavior is implementation defined, but common...

8.8 CVSS · 5.9 AI score · 0.00867 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/10/20 12:00 a.m. · 2 views

PT-2023-29635 · Stb Image +3

Name of the Vulnerable Software and Affected Versions: stb image (affected versions not specified). Description: The issue is related to a crafted image file that may trigger an out of bounds memcpy read in the stbi gif load next function. This occurs because two back points to a memory address lowe...

9.8 CVSS · 6.7 AI score · 0.01137 EPSS
Exploits 1 · References 35
OSV
added 2023/10/19 6:30 a.m. · 1 views

GHSA-655W-FM8M-M478 LangChain Server Side Request Forgery vulnerability

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server...

8.8 CVSS · 5.9 AI score · 0.44711 EPSS
Exploits 1 · References 5
ATTACKERKB
added 2023/10/19 5:15 a.m. · 2 views

CVE-2023-46229

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server...

8.8 CVSS · 5.8 AI score · 0.44711 EPSS
Exploits 1 · References 3
NVD
added 2023/10/19 5:15 a.m. · 14 views

CVE-2023-46229

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server...

8.8 CVSS · 8.6 AI score · 0.44711 EPSS
Exploits 1 · References 2
OSV
added 2023/10/19 5:15 a.m. · 27 views

CVE-2023-46229

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server...

8.8 CVSS · 7 AI score
Exploits 0 · References 2
Prion
added 2023/10/19 5:15 a.m. · 13 views

Server side request forgery (SSRF)

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server...

6.8 CVSS · 8.6 AI score · 0.44711 EPSS
Exploits 1 · References 2 · Affected Software 1
PyPA
added 2023/10/19 5:15 a.m. · 5 views

PYSEC-2023-205

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server...

8.8 CVSS · 7 AI score · 0.44711 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2023/10/19 5:15 a.m. · 0 views

PYSEC-2023-205

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server...

8.8 CVSS · 7.1 AI score · 0.44711 EPSS
Exploits 1 · References 3
CNNVD
added 2023/10/19 12:00 a.m. · 3 views

LangChain Code Issues Vulnerabilities

LangChain builds applications using LLM through composability. A security vulnerability exists in LangChain prior to version 0.0.317, which stems from a server-side request forgery attack via document_loaders/recursive_url_loader.py, as crawling can be performed from an external server to an interna...

8.8 CVSS · 6.8 AI score · 0.44711 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/10/18 12:00 a.m. · 2 views

PT-2023-29915

Name of the Vulnerable Software and Affected Versions: LangChain versions prior to 0.0.317. Description: The issue allows Server-Side Request Forgery (SSRF) via the document_loaders/recursive_url_loader.py module. This occurs because crawling can proceed from an external server to an internal server...

8.8 CVSS · 7.4 AI score · 0.44711 EPSS
Exploits 1 · References 14
OSV
added 2023/10/17 12:15 p.m. · 3 views

CVE-2023-39902

A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to...

7.8 CVSS · 5.8 AI score · 0.00145 EPSS
Exploits 0 · References 2
NVD
added 2023/10/17 12:15 p.m. · 13 views

CVE-2023-39902

A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to...

7.8 CVSS · 7.2 AI score · 0.00145 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/10/17 12:00 a.m. · 12 views

CVE-2023-39902

A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to...

7 CVSS · 7.2 AI score · 0.00145 EPSS
Exploits 0 · References 2
CNNVD
added 2023/10/17 12:00 a.m. · 2 views

NXP Semiconductors i.MX 8M Security Vulnerability

The NXP Semiconductors i.MX 8M is a system-on-module from NXP Semiconductors of the Netherlands. A security vulnerability exists in the NXP Semiconductors i.MX 8M U-Boot Secondary Program Loader (SPL) prior to version 2023.07. An attacker could exploit the vulnerability to escalate privileges...

7.8 CVSS · 6.9 AI score · 0.00145 EPSS
Exploits 0 · References 3
Patchstack
added 2023/10/16 12:00 a.m. · 14 views

WordPress Icons Font Loader Plugin <= 1.1.2 is vulnerable to SQL Injection

Software: Icons Font Loader; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.1.2.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-46084; Patch priority: High; CVSS severity: High (8.5); PSID: 98ab41839260; Credits: minhtuanact; Required privilege: Subscriber...

8.8 CVSS · 6.8 AI score · 0.00544 EPSS
Exploits 0 · References 2 · Affected Software 1
hivepro
added 2023/10/14 1:04 p.m. · 14 views

Revealing DarkGate’s Incursion Across Continents

Attack Report. Summary: A potential threat actor has been using compromised Skype and Microsoft Teams accounts to distribute DarkGate, a problematic loader campaign primarily targeting the Americas region. To receive real-time...

6.8 AI score
Exploits 0
hivepro
added 2023/10/14 8:01 a.m. · 37 views

China’s Cyber Espionage Targets Semiconductor Giants in East Asia

Attack Report. Summary: In recent cyber espionage activities, threat actors affiliated with the People's Republic of China (PRC) have targeted semiconductor companies operating in Mandarin/Chinese-speaking regions of East Asia...

6.8 AI score
Exploits 0