18 matches found
EUVD-2017-1510
Malware in sbrugna...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting specially crafted ASN.1 Object Identifiers, potentially leading to service disruption...
CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool
In the Linux kernel, the following vulnerability has been resolved: workqueue: Put the pwq after detaching the rescuer from the pool. The commit 68f83057b913 ("workqueue: Reap workers via kthread_stop() and remove detach_completion") adds code to reap the normal workers but mistakenly does not handle the...
CVE-2024-41118
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 47 of pages/7📦WebMapService.py takes user input, which is passed to getlayers function, in which url is used with getwmslayer method...
Local File Inclusion in Solara
A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...
CVE-2023-36463 Cross site scripting (XSS) in meldekarten generator
Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn't fully...
CVE-2022-35099
SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc...
OTFCC Buffer Error Vulnerability
OTFCC is a C library and utility open sourced by Caryll. It is used to parse and write OpenType font files. OTFCC suffers from a buffer overflow vulnerability that stems from the release-x64/otfccdump 0x6e41b8 commit package containing a heap buffer overflow. No detailed vulnerability details are...
GSD-2022-1005945 net: Fix data-races around weight_p and dev_weight_[rt]x_bias.
net: Fix data-races around weight_p and dev_weight_[rt]x_bias. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.212 by commit...
GSD-2022-1001761 ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...
CVE-2022-24875 Potential Secrets being logged to disk in CVEProject/cve-services
The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software...
Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services
Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine...
CVE-2021-21423
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
CVE-2020-15204
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling tf.raw_ops.GetSessionHandle or tf.raw_ops.GetSessionHandleV2 results in a null pointer dereference. In linked snippet, in eager mode, ctx->session_state() returns nullptr. Since...
RIPS 3.3: Scaling Security Testing to Large Teams
Data Center Edition Automated security testing with RIPS is typically performed when a new code feature is merged into the development branch. But when security scanning is shifted left to the developers who scan every single code commit, the total amount of scans increases significantly. As a...
CVE-2019-1010317
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
CVE-2019-1010172
Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString jsiUtils.c. The attack vector is: executing crafted javascript code. The fixed version is: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39...
CVE-2019-1010176
Removed by vendor...