pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

Linux Distros Unpatched Vulnerability : CVE-2022-28657

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apport does not disable python crash handler before entering chroot CVE-2022-28657 - Apport does not disable python crash handler before entering chroot...

CVE-2022-28657

Apport does not disable python crash handler before entering chroot...

Ubuntu 16.04 LTS : Apport vulnerabilities (USN-6894-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6894-1 advisory. Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly us...

PYSEC-2024-118

A Denial-of-Service DoS vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parsesitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...

CVE-2022-28657

Apport does not disable python crash handler before entering chroot...

CVE-2022-28657

Apport does not disable python crash handler before entering chroot...

SUSE CVE-2020-26268

In affected versions of TensorFlow the tf.rawops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the...

SUSE CVE-2022-23586

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

Arbitrary Code Execution

apport is vulnerable to arbitrary code execution. The vulnerability exists beause it does not disable python crash handler before entering chroot which allows an attacker to inject arbitrary codes...

UBUNTU-CVE-2022-28657

Apport does not disable python crash handler before entering chroot...

USN-5427-1 apport vulnerabilities

Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. CVE-2021-3899 Gerrit Venema discovered that Apport incorrectly handled connections to...

USN-5427-1: Apport vulnerabilities

Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. CVE-2021-3899 Gerrit Venema discovered that Apport incorrectly handled connections to...

PT-2022-19147 · Apport +2 · Apport +2

Name of the Vulnerable Software and Affected Versions: Apport affected versions not specified Description: The issue is related to Apport not disabling the python crash handler before entering chroot. This could potentially lead to unintended consequences, although specific details about the impa...

Canonical Apport 安全特征问题漏洞

Canonical Apport is a toolkit from Canonical UK for collecting and feeding back error messages information that the operating system finds useful when an application crashes. Canonical Apport suffers from a security signature issue vulnerability that stems from a system where Apport does not...

GHSA-9X52-887G-FHC2 Out of bounds read in Tensorflow

Impact The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef is then converted to MLIR-based IR then they can...

PYSEC-2022-150

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that can be exploited by an attacker to change the format of the SavedModel on disk to invalidate these assumptions, and then...

PYSEC-2020-255

In affected versions of TensorFlow the tf.rawops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the...

GHSA-HHVC-G5HV-48C6 Write to immutable memory region in TensorFlow

Impact The tf.rawops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area: python import...