Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file

Impact Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability on...

GHSA-X563-6HQV-26MR Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file

Impact Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability on...

ROS-20231114-01

A vulnerability in the Blink Media component of the Google Chrome browser is related to memory usage after it has been after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code A vulnerability in the Blink Frames component of Goog...

kernel: net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()

An uninitialized memory access flaw was found in the Linux kernel's QRTR Qualcomm IPC Router protocol in the transmit resume handling. When processing RESUMETX messages, if the packet size is smaller than the expected control structure, the qrtrtxresume function reads uninitialized memory from th...

Deserialization Of Untrusted Data

pyarrow is vulnerable to Deserialization Of Untrusted Data. The vulnerability due to the Arrow IPC, Feather or Parquet data from untrusted sources as the library does not by default disable the PyExtensionType autoloading. This allows an attacker to create PyArrow-specific extension types which...

PyArrow: Arbitrary code execution when loading a malicious data file

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...

GHSA-5WVP-7F3H-6WMM PyArrow: Arbitrary code execution when loading a malicious data file

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...

CVE-2023-47248

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...

CVE-2023-47248

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...

Deserialization of untrusted data

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...

CVE-2023-47248 PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...

CVE-2023-47248

CVE-2023-47248 affects PyArrow IPC/Parquet readers (versions 0.14.0–14.0.0); unsafe deserialization allows arbitrary code execution when processing untrusted Arrow IPC/Feather/Parquet data. The NVD entry and multiple vendor advisories (IBM, CIRCL, Nuclei template) confirm remote code execution vi...

kernel: net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()

An uninitialized memory access flaw was found in the Linux kernel's QRTR Qualcomm IPC Router protocol in the transmit resume handling. When processing RESUMETX messages, if the packet size is smaller than the expected control structure, the qrtrtxresume function reads uninitialized memory from th...

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM...

Information disclosure

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM...

CVE-2023-28554 Buffer Over-read in Qualcomm IPC

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM...

CVE-2023-28554 Buffer Over-read in Qualcomm IPC

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM...

CVE-2023-28554

CVE-2023-28554 concerns Qualcomm IPC. Connected sources describe an information-disclosure vulnerability arising when reading values from shared memory inside a VM, attributed to a buffer over-read in the Qualcomm IPC path. The issue impacts confidentiality and is characterized with local access ...

CVE-2023-41036

Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication IPC mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What...

Privilege escalation

Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication IPC mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What...