168 matches found
CVE-2023-33546
Janino 3.1.9 and earlier are subject to denial of service DOS attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by...
PT-2023-24378 · Janino +2 · Janino +2
Name of the Vulnerable Software and Affected Versions: Janino versions 3.1.9 and earlier Description: The issue allows for denial of service DOS attacks when using the evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes th...
CVE-2023-33546
Janino 3.1.9 and earlier are subject to denial of service DOS attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by...
OSV-2020-1399 Segv on unknown address in clang::StmtVisitorBase<llvm::make_const_ptr, RecordExprEvaluator, bool>::Visit
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19152 Crash type: Segv on unknown address Crash state: clang::StmtVisitorBase::Visit clang::StmtVisitorBase::Visit EvaluateInPlace...
Sandbox Breakout
Overview Versions of realms-shim prior to 1.2.0 are vulnerable to a Sandbox Breakout. The package's confined evaluator depended upon correct behavior of the spread operator a = ...b, ...c, which could be modified by the confined code. This may allow an attacker to escape the sandbox and run...
OpenCV Out-of-Bounds Read/Write Vulnerability
OpenCV is a cross-platform computer vision library. An out-of-bounds read/write vulnerability exists in the HaarEvaluator::OptFeature::calc function in modules/objdetect/src/cascadedetect.hpp in OpenCV. An attacker could exploit this vulnerability to cause a denial of service...
OpenCV Out-of-Bounds Read Vulnerability
OpenCV is a cross-platform computer vision library. An out-of-bounds read vulnerability exists in the cv::predictOrdered function in modules/objdetect/src/cascadedetect.hpp in OpenCV. An attacker could exploit this vulnerability to cause a denial of service...
DEBIAN-CVE-2019-14492
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service...
UBUNTU-CVE-2019-14491
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service...
LibSass Denial of Service Vulnerability (CNVD-2017-27708)
LibSass is an open source written in C using Sass CSS extension language parser . A denial of service vulnerability exists in the 'Sass::Eval::operator' function in the eval.cpp file in LibSass version 3.4.5. A remote attacker can exploit this vulnerability to cause a denial of service...
PwC ACE-ABAP Remote Code Execution Vulnerability
ACE Automated Controls Evaluator is a tool developed by PwC PricewaterhouseCoopers that can be used to analyze SAP security settings to discern privileged access and potential segregation of duties.ABAP Advanced Business Application Programming. A remote code execution vulnerability exists in PwC...
New Google Tools Help Devs Improve Content Security Policy Protection
Cross-site scripting is the cockroach of web application security vulnerabilities, enjoying continued longevity despite the abundant availability of scanning tools and programming advice designed to squash it. Google yesterday took another shot at eradicating XSS attacks with the release of two...
DEBIAN-CVE-2013-4255
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a 1 PREEMPT, 2 SUSPEND, 3 CONTINUE, 4 WANTVACATE, or 5 KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of...
CVE-2013-4255
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a 1 PREEMPT, 2 SUSPEND, 3 CONTINUE, 4 WANTVACATE, or 5 KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of...
CVE-2009-5136
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANTSUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service condorstartd exit via a crafted job...
CVE-2009-5136
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANTSUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service condorstartd exit via a crafted job...
CVE-2013-4255
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a 1 PREEMPT, 2 SUSPEND, 3 CONTINUE, 4 WANTVACATE, or 5 KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of...
UBUNTU-CVE-2013-4255
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a 1 PREEMPT, 2 SUSPEND, 3 CONTINUE, 4 WANTVACATE, or 5 KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of...
Code injection
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANTSUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service condorstartd exit via a crafted job...
CVE-2013-4255
HTCondor vulnerability CVE-2013-4255 affects policy evaluation in Condor (7.5.4, 8.0.0 and earlier). If a job defines a policy attribute in CONTINUE, KILL, PREEMPT, SUSPEND, or related policies that evaluates to UNDEFINED/ERROR/Unconfigured, a remote authenticated user could cause condor_startd t...