282 matches found
markdown-it-py Security Vulnerability
markdown-it-py is a Markdown parser open-sourced by Executable Books. A security vulnerability exists in markdown-it-py versions prior to v2.2.0: a denial of service may result if an attacker is allowed to force null assertions using specially crafted input...
SUSE CVE-2009-0478
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c...
SUSE CVE-2013-4558
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service assertion failure and Apache...
SUSE CVE-2016-7420
Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory...
SUSE CVE-2021-23970
Context-specific code was included in a shared jump table, resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox 86...
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption
Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector...
GHSA-P6FG-723F-HGPW shiyanhui/dht vulnerable to Uncontrolled Resource Consumption
Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector...
CVE-2020-36562
Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector...
Design/Logic Flaw
Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector...
CVE-2020-36562 Uncontrolled Resource Consumption in github.com/shiyanhui/dht
Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector...
CVE-2020-36562
The CVE-2020-36562 entry concerns the Go library github.com/shiyanhui/dht. The vulnerability is caused by unchecked type assertions in handling incoming messages, which can cause panics and enable denial-of-service via remote or crafted messages. Veracode and Red Hat/other advisories corroborate ...
UBUNTU-CVE-2022-41912
The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...
CVE-2021-41803
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2...
Zephyr Security Vulnerability
Zephyr is an extensible real-time operating system (RTOS). A denial of service vulnerability exists in Zephyr version v2.5.0 and later, which stems from assertions reachable with repeated LL_FEATURE_REQ. An attacker could exploit this vulnerability to cause a denial of service...
Incorrect Logic
TensorFlow uses incorrect logic. Comparison of size_t and int values is not done correctly, which results in incorrect macros for writing assertions such as CHECK_LT, CHECK_GT, etc...
SimpleSAMLphp Improper Verification of Cryptographic Signature
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing th...
GHSA-923W-2XV2-7PR8 SimpleSAMLphp Improper Verification of Cryptographic Signature
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing th...