171 matches found
Jettison 缓冲区错误漏洞
Jettison is jettison-json open source Jettison is a Java library . Jettison is a Java library that is used to convert XML to JSON with the help of StAX . Jettison v1.5.2 before the version of a security vulnerability , the vulnerability stems from a stack overflow , allowing an attacker to...
FF4J 安全漏洞
FF4J is a feature switching mode of FF4J open source implementation library . A security vulnerability exists in FF4J version 1.8.1 that stems from vulnerability to remote code execution RCE attacks...
Bento4 缓冲区错误漏洞
Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4 that stems from the presence of a heap-based buffer overflow problem...
The vulnerability of the `cv::PxMDecoder::readData` function in the `grfmt_pxm.cpp` component of the OpenCV library, which is used for computer vision, image processing, and numerical algorithms of general purpose, open-source computer vision. This vulnerability allows a attacker to cause a service denial.
The vulnerability of the cv::PxMDecoder::readData function in the grfmtpxm.cpp component of the Computer Vision, Image Processing, and Numerical Algorithms General Purpose Library OpenSource Computer Vision Library – OpenCV is related to the execution of operations outside of the buffer in memory...
Mz Automation Libiec61850 代码问题漏洞
Mz Automation Libiec61850 is an open source library for the IEC 61850 protocol from Mz Automation. Mz Automation Libiec61850 suffers from a code issue vulnerability that stems from its use of null pointers under certain circumstances. This could allow an attacker to crash the server...
GHSA-4RG6-FM25-GC34 oauth2-server through 3.1.1 vulnerable to Open Redirect
In oauth2-server aka node-oauth2-server through 3.1.1, the value of the redirecturi parameter received during the authorization and token request is checked against an incorrect URI pattern a-zA-Za-zA-Z0-9+.-+: before making a redirection. This allows a malicious client to pass an XSS payload...
OTFCC Buffer Overflow Vulnerability (CNVD-2024-08553)
OTFCC is Caryll open source a C library and utility programs. Used to parse and write OpenType font files. A buffer overflow vulnerability exists in OTFCC version 0.10.4, which stems from a lack of proper validation of user-supplied data in the /release-x64/otfccdump+0x6b84b1 file, and can be...
OTFCC 缓冲区错误漏洞
OTFCC is a C library and utility program from Caryll Open Source. It is used to parse and write OpenType font files. A security vulnerability exists in OTFCC version 0.10.4, which stems from a segmentation violation in the file /multiarch/memmove-vec-unaligned-erms...
OTFCC 缓冲区错误漏洞
OTFCC is a C library and utility program from Caryll Open Source. It is used to parse and write OpenType font files. A security vulnerability exists in OTFCC version 0.10.4, which stems from a heap buffer overflow in the /release-x64/otfccdump+0x6c08a6 file...
Ittiam Systems libmpeg2 安全漏洞
Ittiam Systems libmpeg2 is an open source library of MPEG-1 and MPEG-2 video stream decoding functions from Ittiam Systems. A security vulnerability exists in Ittiam Systems libmpeg2 versions prior to 2022-07-27, which stems from the use of memcpy with overlapping memory blocks, and can be...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a memory leak via the function ucclose at /my/unicorn/uc.c. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike...
Security Bulletin: IBM Informix Dynamic Server is affected to denial of service due to FasterXML jackson-databind (CVE-2020-36518)
Summary There is a denial of service vulnerability in FasterXML jackson-databind CVE-2020-36518 open source library included in IBM Informix Dynamic Server for IBM InformixHQ. FasterXML jackson-databind 2.13.2.2 resolves the vulnerability. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION:...
Denial of Service (DoS)
Overview github.com/containrrr/shoutrrr/pkg/util is a notification library for gophers. Affected versions of this package are vulnerable to Denial of Service DoS via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters...
Laurent Rineau CGAL 输入验证错误漏洞
CGAL is an open source application by Laurent Rineau. It provides easy access to efficient and reliable geometric algorithms in the form of C libraries. CGAL libcgal suffers from a code execution vulnerability that stems from a specially formatted, incorrectly formatted file that could lead to...
PJSIP 安全漏洞
PJSIP is a free open source multimedia communications library written in C. A denial-of-service vulnerability exists in PJSIP that could be exploited by attackers to affect PJSIP users who use PJSIP XML parsing in their applications...
Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities
Summary IBM Data Replication has addressed the following vulnerabilities: CVE-2017-17485 CVE-2018-5968 CVE-2017-15095 CVE-2017-7525 CVE-2018-7489 Vulnerability Details CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused...
Popular NPM Package Hijacked to Publish Crypto-mining Malware
The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that...
CVE-2021-39229
CVE-2021-39229 affects the Apprise library via the IFTTT plugin (NotifyIFTTT.py). A denial-of-service vulnerability is caused by an inefficient regular expression, with the vulnerable pattern located at lines 356–359 in the referenced file. The issue was fixed in release 0.9.5.1; if upgrading isn...
Unspecified vulnerability in Bento4 (CNVD-2021-51794)
Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4 version 1.5.1-628, which stems from an unhandled memory allocation failure in ""Core/Ap4Atom.cpp"" that results in the dereferencing of the NULL pointer, and can be exploited by an...
Request Forgery Vulnerability in XStream
XStream is an open source Java class library , it is mainly used to serialize objects into XML JSON or deserialize objects . A request forgery vulnerability exists in Xstream, which can be exploited by an attacker to spoof requests sent from the server side in the context of an affected applicati...