3143 matches found

CNNVD
added 2021/09/16 12:0 a.m. | 2 views

Libde265 buffer error vulnerability

libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a global buffer overflow vulnerability in the decodeCABACbit function. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

CVSS 6.5 | AI score 7 | EPSS 0.01387
Exploits 1 | References 6
RedhatCVE
added 2021/09/14 3:9 p.m. | 50 views

CVE-2021-37137

A flaw was found in Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

CVSS 7.5 | AI score 3.6 | EPSS 0.0628
Exploits 0 | References 4
RedhatCVE
added 2021/09/14 3:9 p.m. | 74 views

CVE-2021-37136

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

CVSS 7.5 | AI score 3.7 | EPSS 0.05651
Exploits 0 | References 4
IBM Security Bulletins
added 2021/09/11 3:3 a.m. | 12 views

Security Bulletin: Input Validation Vulnerability in Apache Commons Codec Affects IBM Sterling Connect:Direct for UNIX

Summary: An Apache Commons Codec vulnerability for validating input was addressed by IBM Sterling Connect:Direct for UNIX. Vulnerability Details: Third Party Entry: 177835. DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper...

AI score 1
Exploits 0 | Affected Software 1
OpenVAS
added 2021/09/11 12:0 a.m. | 23 views

Python < 3.6.13, 3.7.x < 3.7.10, 3.8.x < 3.8.7, 3.9.x < 3.9.1 Python Issue (bpo-41944) - Linux

Python is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:python:python";...

CVSS 9.8 | AI score 10 | EPSS 0.08235
Exploits 0 | References 2
Veracode
added 2021/09/10 6:32 a.m. | 42 views

Denial of Service (DoS)

netty-codec is vulnerable to denial of service. The vulnerability exists due to lack of allocation size restriction on the decompressed output data in the Snappy frame decoder function, leading to an OOME...

CVSS 7.5 | AI score 2.9 | EPSS 0.05651
Exploits 0 | References 20 | Affected Software 28
Veracode
added 2021/09/10 6:15 a.m. | 36 views

Denial of Service (DoS)

netty-codec is vulnerable to denial of service. The vulnerability exists due to lack of allocation size restriction on the decompressed output data in the Bzip2 decompression decoder function, leading to an OOME...

CVSS 7.5 | AI score 3.4 | EPSS 0.0628
Exploits 0 | References 21 | Affected Software 28
vulnersOsv
added 2021/08/25 8:52 p.m. | 6 views

av-codec (>=0.1.0 <=0.2.1), av-format (>=0.1.0 <=0.3.0) +3 more potentially affected by CVE-2021-25904 via av-data (>=0.1.0 <=0.2.2)

av-data CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.1 - libaom =0.2.0 - libvpx =0.1.0 Source cves: CVE-2021-25904 Source advisory: OSV:GHSA-352P-RHVQ-7G78...

CVSS 7.5 | AI score 7.1 | EPSS 0.01327
Exploits 1
vulnersOsv
added 2021/08/25 8:49 p.m. | 4 views

NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +325 more potentially affected by CVE-2020-35902 via actix-codec (>=0.1.2 <=0.2.0)

actix-codec CARGO version =0.1.2, =0.1.0, =0.8.0, =0.1.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.1 - actix-delay =0.1.0 - actix-diesel-actor =0.1.1 and more Source cves: CVE-2020-35902 Source advisory: OSV:GHSA-RQGX-HPG4-456R...

CVSS 9.8 | AI score 7.2 | EPSS 0.01629
Exploits 1
Github Security Blog
added 2021/08/25 8:49 p.m. | 26 views

Use-after-free in actix-codec

An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...

CVSS 9.8 | AI score 8.9 | EPSS 0.01629
Exploits 1 | References 5 | Affected Software 1
OSV
added 2021/08/25 8:49 p.m. | 19 views

GHSA-RQGX-HPG4-456R Use-after-free in actix-codec

An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...

CVSS 9.8 | AI score 9.4 | EPSS 0.01629
Exploits 1 | References 5
GitLab Advisory Database
added 2021/08/25 12:0 a.m. | 5 views

Use-after-free in actix-codec

An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...

CVSS 9.8 | AI score 7.2 | EPSS 0.01629
Exploits 1 | References 6 | Affected Software 1
RedHat Linux
added 2021/08/24 1:6 p.m. | 3 views

python: Unsafe use of eval() on data retrieved via HTTP in the test suite

In Python3's Lib/test/multibytecodecsupport.py, CJK codec tests call eval on content retrieved via HTTP...

CVSS 9.8 | AI score 6.8 | EPSS 0.08235
Exploits 0 | References 4
RedHat Linux
added 2021/08/24 12:50 p.m. | 1 views

python: Unsafe use of eval() on data retrieved via HTTP in the test suite

In Python3's Lib/test/multibytecodecsupport.py, CJK codec tests call eval on content retrieved via HTTP...

CVSS 9.8 | AI score 6.8 | EPSS 0.08235
Exploits 0 | References 4
OSV
added 2021/08/05 9:15 p.m. | 1 views

DEBIAN-CVE-2021-3566

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'readprobe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file that triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim as long...

CVSS 5.5 | AI score 6.8 | EPSS 0.0088
Exploits 0 | References 1
ATTACKERKB
added 2021/08/05 9:15 p.m. | 3 views

CVE-2021-3566

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'readprobe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file that triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim as long...

CVSS 5.5 | AI score 5.4 | EPSS 0.0088
Exploits 0 | References 3
OSV
added 2021/07/13 8:15 a.m. | 2 views

AZL-45081 CVE-2021-35515 affecting package apache-commons-compress 1.19-3

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package...

CVSS 7.5 | AI score 6.7 | EPSS 0.11879
Exploits 0 | References 1
OSV
added 2021/07/10 12:56 p.m. | 8 views

MGASA-2021-0327 Updated python packages fix security vulnerability

Updated python packages fix security vulnerability: In Python's Lib/test/multibytecodecsupport.py, CJK codec tests call eval on content retrieved via HTTP (CVE-2020-27619)...

CVSS 9.8 | AI score 9.6 | EPSS 0.08235
Exploits 0 | References 4
OSV
added 2021/07/09 11:4 a.m. | 6 views

OPENSUSE-SU-2021:1012-1 Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following issues: - Update to version 1.16.3: - CVE-2021-3185: buffer overflow in gsth264sliceparsedecrefpicmarking bsc1181255 - amcvideodec: fix sync meta copying not taking a reference - audiobuffersplit: Perform discont tracking on running time -...

CVSS 9.8 | AI score 10 | EPSS 0.02377
Exploits 0 | References 3
CNNVD
added 2021/07/09 12:0 a.m. | 3 views

gRPC Swift input validation error vulnerability

gRPC Swift is an open source Swift language implementation of gRPC. It contains a gRPC Swift API and code generator, provides an API and generated code for gRPC clients and servers, and can be built using Xcode or the Swift package manager. A security vulnerability in HTTP2ToRawGRPCServerCodec i...

CVSS 7.5 | AI score 7.5 | EPSS 0.02082
Exploits 0 | References 4