70 matches found

OSV
added 2024/10/15 9:15 p.m., 1 view

DEBIAN-CVE-2024-41311

In Libheif 1.17.6, insufficient checks in ImageOverlay::parse decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write...

CVSS 8.1, AI score 7.9, EPSS 0.00197
Exploits 1, References 1
CNNVD
added 2024/08/14 12:0 a.m., 1 view

Devika security vulnerability

Devika is an advanced AI software engineer open-sourced by stition. It can understand advanced human instructions, break them down into steps, study the relevant information, and write code to achieve a given goal. Devika suffers from a security vulnerability that stems from the presence of a...

CVSS 6.5, AI score 6.2, EPSS 0.00052
Exploits 1, References 2
OSV
added 2024/06/20 3:15 p.m., 2 views

DEBIAN-CVE-2024-6162

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

CVSS 7.5, AI score 7.1, EPSS 0.02024
Exploits 0, References 1
OSV
added 2023/09/13 3:15 p.m., 7 views

CVE-2023-39914

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding...

CVSS 7.5, AI score 7.4, EPSS 0.00244
Exploits 0, References 1
CNNVD
added 2023/08/23 12:0 a.m., 1 view

libvmod-digest buffer error vulnerability

libvmod-digest is used to compute HMACs and message digests. A security vulnerability exists in libvmod-digest versions prior to 1.0.3, which stems from an out-of-bounds memory access during base64 decoding, leading to authentication bypass and information disclosure...

CVSS 6.5, AI score 6.4, EPSS 0.00198
Exploits 0, References 4
ATTACKERKB
added 2023/08/22 7:16 p.m., 2 views

CVE-2022-25024

The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service...

CVSS 7.5, AI score 5.8, EPSS 0.00134
Exploits 1, References 5
PyPA
added 2023/08/22 7:16 p.m., 4 views

PYSEC-2023-149

The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service...

CVSS 7.5, AI score 6.9, EPSS 0.00134
Exploits 1, References 4, Affected Software 1
CNNVD
added 2023/08/22 12:0 a.m., 1 view

Python code issue vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.12.0, which stems from an error in the decoding of the json2xm...

CVSS 7.5, AI score 7.3, EPSS 0.00134
Exploits 1, References 4
SUSE CVE
added 2023/02/16 3:2 a.m., 3 views

SUSE CVE-2023-25565

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that...

CVSS 7.5, AI score 6.7, EPSS 0.0045
Exploits 0, References 4
SUSE CVE
added 2023/02/15 4:58 a.m., 1 view

SUSE CVE-2016-7450

The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file...

CVSS 7.8, AI score 8.8, EPSS 0.00221
Exploits 0, References 3
SUSE CVE
added 2023/02/15 4:22 a.m., 1 view

SUSE CVE-2018-18557

LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 with JBIG enabled decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c...

CVSS 4.4, AI score 9.3, EPSS 0.23568
Exploits 3, References 9
SUSE CVE
added 2023/02/15 3:45 a.m., 1 view

SUSE CVE-2021-23973

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...

CVSS 6.5, AI score 8.4, EPSS 0.00845
Exploits 0, References 11
Code423n4
added 2022/12/22 12:0 a.m., 8 views

Non-standard ERC20 tokens are locked in the contract

Lines of code Vulnerability details Impact The function forwardERC20s transfers ERC20 tokens out of the contract to the owner. However, it does not properly handle non-standard ERC20 tokens such as USDT which do not return a bool when the transfer is called. The issue is that token is of type...

AI score 7
Exploits 0
RedHat Linux
added 2022/11/21 2:18 p.m., 2 views

openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action

Open vSwitch (aka openvswitch) has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action...

CVSS 5.5, AI score 6.5, EPSS 0.00077
Exploits 0, References 5
CNNVD
added 2022/09/13 12:0 a.m., 3 views

NLnet Labs Routinator security vulnerability

NLnet Labs Routinator is an RPKI (Resource Public Key Infrastructure) validator from NLnet Labs in the Netherlands, written in Rust. A security vulnerability exists in NLnet Labs Routinator versions 0.9.0 through 0.11.2, which stems from an error in error handling, where data in RRDP...

CVSS 7.5, AI score 7.3, EPSS 0.0054
Exploits 0, References 2
Vulnrichment
added 2022/07/05 5:35 p.m., 2 views

CVE-2022-31116 Incorrect handling of invalid surrogate pair characters in ujson

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVSS 7.5, AI score 7.7, EPSS 0.00069
Exploits 1, References 4
NVD
added 2022/03/02 12:15 a.m., 6 views

CVE-2022-25051

An off-by-one error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file...

CVSS 5.5, EPSS 0.00181
Exploits 0, References 3
CNNVD
added 2022/01/04 12:0 a.m., 1 view

Code issue vulnerability in multiple Qualcomm products

A Qualcomm chip is a chip from Qualcomm Incorporated (USA). A chip is a way of miniaturizing circuits (mainly semiconductor devices, but also passive components), often fabricated on the surface of a semiconductor wafer. A code issue vulnerability exists in Qualcomm products that could...

CVSS 7.5, AI score 7.4, EPSS 0.0026
Exploits 0, References 7
Tenable Nessus
added 2021/10/27 12:0 a.m., 248 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0094)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the former, the service worker could have intercepted...

CVSS 8.8, AI score 7.7, EPSS 0.01254
Exploits 0, References 19
Tenable Nessus
added 2021/10/27 12:0 a.m., 223 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0094)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the former, the service worker could have...

CVSS 8.8, AI score 7.7, EPSS 0.01254
Exploits 1, References 21