SUSE CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

CVE-2023-29469

A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors...

haproxy security update

2.4.17-3.2 - Reject empty http header field names CVE-2023-25725, 2174174 2.4.17-3.1 - Refuse interim responses with end-stream flag set CVE-2023-0056, 2174172...

PT-2023-3193

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.10.4 Description The issue is related to the xmlDictComputeFastKey function in dict.c, which can produce non-deterministic values when hashing empty dict strings in a crafted XML document. This can lead to various...

Hackers Flood NPM with Bogus Packages Causing a DoS Attack

Threat actors flooded the npm open source package repository for Node.js with bogus packages that briefly even resulted in a denial-of-service DoS attack. "The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-sourc...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. Remediation Upgrade zstd to version 1.5.4 or higher. References - GitHub Issue - GitHub PR Credit: yiyuaner...

A vulnerability was found in zstd v1.4.10 where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

...

DEBIAN-CVE-2022-4899

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

UBUNTU-CVE-2022-4899

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

zstd vulnerable to buffer overrun

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

CVE-2022-4899

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

The vulnerability of the Apache OpenOffice office software lies in the ability to add empty records to the Java class path, allowing an attacker to execute arbitrary code.

The vulnerability of the Apache OpenOffice office software lies in the ability to add empty records to the path of a Java class. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading a specially crafted Java file remotely...

GHSA-7JVM-XXMR-V5CW TensorFlow vulnerable to integer overflow in EditDistance

Impact TFversion 2.11.0 //tensorflow/core/ops/arrayops.cc:1067 const Tensor hypothesisshapet = c-inputtensor2; std::vector dimshypothesisshapet-NumElements - 1; for int i = 0; i MakeDimstd::maxhvaluesi, tvaluesi; if hypothesisshapet is empty, hypothesisshapet-NumElements - 1 will be integer...

Design/Logic Flaw

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory...

UBUNTU-CVE-2022-38745

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory...

CVE-2022-38745 Apache OpenOffice: Empty entry in Java class path

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory...

OESA-2023-1182 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A flaw found in the Linux Kernel. The missing check causes a type confusion when issuing a listentry on an empty reportlist. The problem is caused by the assumption that the device must have valid reportlist. While this will be...

OESA-2023-1181 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A flaw found in the Linux Kernel. The missing check causes a type confusion when issuing a listentry on an empty reportlist. The problem is caused by the assumption that the device must have valid reportlist. While this will be...

PT-2023-1972 · Apache +6 · Apache Openoffice +7

Name of the Vulnerable Software and Affected Versions: Apache OpenOffice versions before 4.1.14 Description: The issue is related to the possibility of adding an empty entry to the Java class path in Apache OpenOffice. This could allow a remote attacker to execute arbitrary Java code from the...

PT-2023-20223 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 Description: The issue is related to an integer overflow in the EditDistance function of TensorFlow, which can cause a deadlock when the hypothesis shape t is empty. This...