42 matches found
CVE-2023-31918
Jerryscript 3.0 commit 1a2c047 was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c...
EUVD-2007-0553
Malware in sbrugna...
EUVD-2020-16068
Malware in sbrugna...
EUVD-2020-0198
Malware in sbrugna...
EUVD-2020-17078
Malware in sbrugna...
EUVD-2022-28035
Malicious code in bioql PyPI...
Improper Validation of Function Hook Arguments
Overview Affected versions of this package are vulnerable to Improper Validation of Function Hook Arguments in the /api/webhook endpoint via the affectedRevisionInfo function. An attacker can cause the server process to crash and disrupt service availability by sending a Gogs push event whose JSO...
Linux Distros Unpatched Vulnerability : CVE-2020-23320
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0. CVE-2020-23320 Note that...
CVE-2025-38034
CVE-2025-38034 : The connected Azure Linux 3.0 Nessus entry confirms a Linux kernel issue affecting btrfs paths where btrfs__prelim_ref calls wrong order of oldref/newref, causing a NULL pointer dereference in trace_btrfs_prelim_ref_insert(). The backtrace shows the call path ending in prelim_ref...
Eval Injection
Overview: letta is a package for creating LLM agents with long-term memory and custom tools. Affected versions of this package are vulnerable to Eval Injection via the functionmessage process. An attacker can execute arbitrary code by manipulating the functionname or functionargs arguments. Remediation: There is ...
PYSEC-2025-122
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...
Updated libpcap packages fix security vulnerabilities
In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes i...
CVE-2024-43910
In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses. Currently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to a global function as an argument. The adverse effects of this is that BPF helpers can...
CVE-2024-35229
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern f(a(),b()); check_if_a_executed_last() in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...
CVE-2024-35229 ZKsync Era evaluation order of Yul function arguments
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern f(a(),b()); check_if_a_executed_last() in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a...
UBUNTU-CVE-2023-31918
Jerryscript 3.0 commit 1a2c047 was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c...
SUSE CVE-2007-0555
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access...
abi.encodePacked Allows Hash Collision
Lines of code Vulnerability details Impact From the solidity documentation: If you use keccak256(abi.encodePacked(a, b)) and both a and b are dynamic types, it is easy to craft collisions in the hash value by moving parts of a into b and vice-versa. More specifically, abi.encodePacked("a", "bc") ==...
CVE-2022-22901
There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9...