AZL-26281 CVE-2023-28484 affecting package libxml2 for versions less than 2.10.4-1

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c...

CVE-2023-26555

praecisparse in ntpd/refclockpalisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver...

Out-of-bounds

praecisparse in ntpd/refclockpalisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver...

CVE-2023-26555

praecisparse in ntpd/refclockpalisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver...

Spring Data JPA introduces query parser!

The Problem One of Spring Data JPA’s handy features is letting you plugin in custom JPA queries through its @Query annotation. This allows some flexiblity because you are still able to offer sort parameters to the consumers of your app. Check out the example below: interface SampleRepository...

CVE-2023-28104 silverstripe/graphql Denial of Service vulnerability

silverstripe/graphql serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with...

CVE-2017-20178

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched...

Unsafe typecasting

Lines of code Vulnerability details Impact In the RToken.issueTo function unsafe typecasting of uint256 to int256 is performed while invoking the Throttle.useAvailable function. function issueToaddress recipient, uint256 amount public notPausedOrFrozen exchangeRateIsValidAfter requireamount 0,...

CVE-2022-46892

In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex...

CVE-2022-46892

In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex...

SUSE CVE-2018-20533

There is a NULL pointer dereference at ext/testcase.c function testcasestr2depcomplex in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service...

SUSE CVE-2019-9718

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ffhtmlmarkuptoass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

SUSE CVE-2019-9721

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handleopenbrace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

SUSE CVE-2019-13302

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages...

SUSE CVE-2019-13308

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage...

SUSE CVE-2019-13391

In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels...

SUSE CVE-2020-7020

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...

SUSE CVE-2021-29618

TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFl...

Ampere Computing Ampere Altra 安全漏洞

Ampere Computing Ampere Altra is an 80-core server processor from Ampere Computing, USA. A security vulnerability exists in Ampere AltraMax versions prior to 2.10c and Ampere Altra versions prior to 2.10c, which stems from incorrect access control and allows the operating system to reinitialize a...

CVE-2022-46892

CVE-2022-46892 affects Ampere AltraMax and Ampere Altra before 2.10c; improper access controls could allow the OS to reinitialize a disabled root complex. Impact is rated high (C/H/I/A). Remediation: upgrade to 2.10c or later per Ampere security bulletin; descriptions appear in NVD/Red Hat/CNNVD ...