PT-2022-5263 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 19.1R3-S9; Junos OS versions 19.2 prior to 19.2R3-S6; Junos OS versions 19.3 prior to 19.3R3-S7; Junos OS versions 19.4 prior to 19.4R2-S7, 19.4R3-S8; Junos OS versions 20.1 prior to 20.1R3-S5; Junos OS versions 20.2 pri...
CVE-2022-33185. Several commands in Brocade Fabric OS use unsafe string functions to process user input
Security Advisory ID: BSA-2022-2078. Component: FOS. Revision: 1.1. Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer...
CVE-2022-1405
CNCSoft: All versions prior to 1.01.32 do not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition...
Design/Logic Flaw
Delta Electronics CNCSoft: All versions prior to 1.01.32 do not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition...
Laravel Code Issue Vulnerability
Laravel is a web application framework from the Laravel team. Laravel version 5.1 contains a deserialization vulnerability that stems from insecure deserialization processing of serialized data submitted by the application at the time of receipt, which can be exploited by an attacker to remotely...
CVE-2022-32547
In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application...
CVE-2022-22673
This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service...
CLSA-2022-1652706582 Fixed CVE-2018-25032 in zlib
CVE-2018-25032: Fix an out-of-bounds access flaw leading to memory corruption when input has many distant matches...
YARP Denial of Service Vulnerability
Impact: A denial of service vulnerability exists in how YARP processes input. Patches: If you're using YARP 1.0.0, you should update to NuGet package version 1.0.1. If you're using YARP 1.1.0-RC.1, you should update to NuGet package version 1.1.0-rc.1.22211.2. You can do so by updating the...
Google Chrome Buffer Error Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an out-of-bounds write vulnerability that originates from a boundary error when WebRTC processes untrusted input. A remote attacker can exploit the vulnerability to execute arbitrary code on the system...
CVE-2021-39537
A heap overflow vulnerability has been found in the ncurses package, particularly in the "tic". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the...
GHSA-WHGM-JR23-G3J9 Uncontrolled Resource Consumption in ansi-html
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...
CVE-2021-23424
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time...
CVE-2021-23424
CVE-2021-23424 affects the Node.js package ansi-html. The provided documents describe a denial-of-service condition caused by a regular-expression Denial-of-Service (ReDoS) flaw in processing input, potentially allowing an attacker to consume resources and degrade availability. Several IBM advis...
PT-2021-15512 · Ansi-Html · Ansi-Html
Name of the Vulnerable Software and Affected Versions: ansi-html (affected versions not specified). Description: The issue arises when an attacker provides a malicious string, causing the system to get stuck processing the input for an extremely long time. Recommendations: At the moment, there is no...
CVE-2021-29542
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by passing crafted inputs to tf.raw_ops.StringNGrams. This is because the...
CVE-2021-32471
Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs instead of 0s and 1s...
Forcepoint Web Security Content Gateway Code Issue Vulnerability
Forcepoint Web Security Content Gateway is an application gateway from Forcepoint, USA. A code issue vulnerability exists in Forcepoint Web Security Content Gateway versions prior to 8.5.4 that stems from incorrectly processing XML input, which can lead to information disclosure...
MGASA-2021-0150 Updated glibc packages fix security vulnerabilities
Updated glibc packages fix security vulnerabilities: The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead t...