PT-2021-4681 · Encode.Pm +2 · Encode.Pm +2

Name of the Vulnerable Software and Affected Versions: Encode.pm versions 3.05 through 3.11 Perl versions through 5.34.0 Description: The issue is related to incorrect path handling in the Encode.pm module of the Perl programming language. This allows an attacker to inject arbitrary code and gain...

UBUNTU-CVE-2021-36770

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...

CVE-2021-36770

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in the current working directory that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm 3.05...

GSD-2021-1001178 nfsd: fix NULL dereference in nfs3svc_encode_getaclres

nfsd: fix NULL dereference in nfs3svcencodegetaclres This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.4 by commit...

DEBIAN-CVE-2021-31292

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service DOS via crafted metadata...

CVE-2020-23705

A global buffer overflow vulnerability in jfifencode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service DOS via a crafted jpeg file...

ffjpeg 安全漏洞

ffjpeg is a simple implementation of jpeg encoding and decoding. ffjpeg 2020-06-22 and earlier versions of jfif.c:701 have a global buffer overflow vulnerability in jfifencode. An attacker could exploit the vulnerability to cause a denial of service via a specially crafted jpeg file...

PT-2021-7739 · Ffjpeg · Ffjpeg

Name of the Vulnerable Software and Affected Versions: ffjpeg versions through 2020-06-22 Description: A global buffer overflow vulnerability in the jfif encode function at jfif.c:701 of the ffjpeg library allows attackers to cause a Denial of Service DOS via a crafted jpeg file. The vulnerabilit...

GHSA-59Q2-X2QC-4C97 Heap OOB access in unicode ops

Impact An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode: python import tensorflow as tf inputvalues = tf.constant58, shape=1, dtype=tf.int32 inputsplits = tf.constant81, 101, 0, shape=3, dtype=tf.int32 outputencoding = "UTF-8" tf.rawops.UnicodeEncod...

PYSEC-2021-685

TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...

CVE-2021-29559

TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...

Xmind 2020 - Persistent Cross-Site Scripting

Exploit Title: Xmind 2020 - XSS to RCE Exploit Author: TaurusOmar Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://www.xmind.net/ Version: 2020 Tested on: Windows, Linux, MacOs Software Description: XMind, a full-featured mind mapping and...

GHSA-HMV2-79Q8-FV6G Uncontrolled Resource Consumption in urllib3

The encodeinvalidchars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service CPU consumption because of an inefficient algorithm. The percentencodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length ...

libsixel 缓冲区错误漏洞

Libsixel is a package that provides encoding/decoding implementations for DEC SIXEL graphics and other converter programs. A buffer overflow vulnerability exists in Libsixel version v1.8.6, which stems from a buffer overflow in the sixelencoderencodebytes function, and can be exploited by an...

Cross site scripting

docsify 4.12.1 is affected by Cross Site Scripting XSS because the search component does not appropriately encode Code Blocks and mishandles the " character...

Froala 3.2.6-1 Cross Site Scripting Vulnerability

Exploit Title: Stored XSS and Html Code Injection Editor Froala Version 3.2.6-1 Author: Vincent666 ibn Winnie Software Link: https://froala.com/wysiwyg-editor/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel: https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ PoC: In t...

TinyTinyRSS Remote Code Execution

!/usr/bin/env python3 Exploit Title: TinyTinyRSS remote code execution Date: 21 September 2020 made public Exploit Author: Daniel Neagaru & Benjamin Nadarević Blog post: https://www.digeex.de/blog/tinytinyrss/ Software Link: https://git.tt-rss.org/fox/tt-rss Version: all before 2020-09-16 Commit...

[ASA-202102-29] keycloak: cross-site scripting

Arch Linux Security Advisory ASA-202102-29 ========================================== Severity: High Date : 2021-02-20 CVE-ID : CVE-2021-20195 Package : keycloak Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-1578 Summary ======= The package keycloak before...

OpenJPEG 输入验证错误漏洞

OpenJPEG is an open source JPEG 2000 codec written in C language . A heap buffer overflow vulnerability exists in the opjt2encodepacket function in openjp2/t2.c in versions of OpenJPEG prior to 2.4.0. An attacker could exploit this vulnerability via specially crafted input to affect...

h1-ctf: Invading Grinch Network and Saving Christmas

How we saved Christmas As usual with H1 CTF challenges we are provided with a target URL. In our case it is the following: https://hackyholidays.h1ctf.com/ We started by visiting the URL and see what is going on. All we could see is a page with an image with a warning message. F1125722 We quickly...