5607 matches found
Double Free
Overview: Affected versions of this package are vulnerable to Double Free in the stbi__load_gif_main function. An attacker can cause a memory leak or a double-free error by manipulating the delays output value. This is only exploitable if stbi__load_gif_main returns a null value and stbi__convert_format is...
DEBIAN-CVE-2023-45661
stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbi__gif_load_next. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory...
UBUNTU-CVE-2023-45664
stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger stbi__load_gif_main_outofmem attempt to double-free the out variable. This happens in stbi__load_gif_main because when the layers * stride value is zero the behavior is implementation defined, but common...
UBUNTU-CVE-2023-45661
stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbi__gif_load_next. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory...
PT-2023-29635 · Stb Image +3
Name of the Vulnerable Software and Affected Versions: stb image (affected versions not specified). Description: The issue is related to a crafted image file that may trigger an out of bounds memcpy read in the stbi__gif_load_next function. This occurs because two_back points to a memory address lowe...
GHSA-655W-FM8M-M478 LangChain Server Side Request Forgery vulnerability
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server...
CVE-2023-46229
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server...
PYSEC-2023-205
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server...
Server side request forgery (ssrf)
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server...
LangChain Code Issues Vulnerabilities
LangChain builds applications using LLM through composability. A security vulnerability exists in LangChain prior to version 0.0.317, which stems from a server-side request forgery attack via document_loaders/recursive_url_loader.py, as crawling can be performed from an external server to an interna...
PT-2023-29915
Name of the Vulnerable Software and Affected Versions: LangChain versions prior to 0.0.317. Description: The issue allows Server-Side Request Forgery (SSRF) via the document_loaders/recursive_url_loader.py module. This occurs because crawling can proceed from an external server to an internal server...
CVE-2023-39902
A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to...
NXP Semiconductors i.MX 8M Security Vulnerability
The NXP Semiconductors i.MX 8M is a system-on-module from NXP Semiconductors of the Netherlands. A security vulnerability exists in the NXP Semiconductors i.MX 8M U-Boot Secondary Program Loader (SPL) prior to version 2023.07. An attacker could exploit the vulnerability to escalate privileges...
WordPress Icons Font Loader Plugin <= 1.1.2 is vulnerable to SQL Injection
Software: Icons Font Loader; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.1.2.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-46084; Patch priority: High; CVSS severity: High (8.5); PSID: 98ab41839260; Credits: minhtuanact; Required privilege: Subscriber...
Revealing DarkGate’s Incursion Across Continents
Threat Level Attack Report. Summary: A potential threat actor has been using compromised Skype and Microsoft Teams accounts to distribute DarkGate, a problematic loader campaign primarily targeting the Americas region. To receive real-time...