28 matches found
Guardrails Security Vulnerability
Guardrails is an open-source Python framework from Guardrails AI. Guardrails versions 0.6.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the Hub package installation mechanism, which retrieved lists from the Guardrails Hub when installing the validator...
gstreamer: AV1 Video Parsing Stack-based Buffer Overflow
A stack-based buffer overflow flaw was found in GStreamer. This issue may lead to code execution while parsing tile list data within AV1-encoded video files...
EUVD-2005-2550
Malware in sbrugna...
gstreamer: AV1 Video Parsing Stack-based Buffer Overflow
A stack-based buffer overflow flaw was found in GStreamer. This issue may lead to code execution while parsing tile list data within AV1-encoded video files...
The vulnerability of the `createSessionInternal` function in the `PackageInstallerService.java` module of the Android operating system allows a hacker to access the database of any application.
The vulnerability of the createSessionInternal function in the PackageInstallerService.java module of the Android operating system is related to the lack of encapsulation around special characters in the name of the installer when it is written to /data/system/packages.list. Exploiting this...
UBUNTU-CVE-2024-0444
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
CVE-2024-0444 GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile lis...
SUSE CVE-2024-0444
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
CVE-2023-37491 Improper Authorization check vulnerability in SAP Message Server
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the...
SUSE CVE-2017-5545
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short...
Six Apart Movable Type Cross-Site Scripting Vulnerability
Six Apart Movable Type (MT) is a blogging system from Six Apart (USA). The system includes features such as multiple users, comments, quotes, and topics. Six Apart Movable Type suffers from a cross-site scripting vulnerability that stems from the application's insufficient sanitization of user-supplied...
The vulnerability of the ICE data exchange library X11 libICE, related to the use of a weak entropy source for key generation, allows a hacker to intercept sessions.
The vulnerability of the ICE data exchange library X11 libICE is related to the use of a weak entropy source for key generation. Exploiting this vulnerability allows an attacker to intercept sessions by using information from the process list...
Denial Of Service (DoS) Or Information Disclosure
libplist is susceptible to denial of service or information disclosure attacks. The attacks are possible when a user passes Apple Property List data that is shorter than 8 bytes to the main function in plistutil.c...
DEBIAN-CVE-2017-5545
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short...
CVE-2017-5545
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short...
CVE-2017-5209
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data...
CVE-2017-5209
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data...
Design/Logic Flaw
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data...
UBUNTU-CVE-2015-4178
The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to...