NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference when SparseSparseMaximum is given invalid sparse tensors as inputs. PoC import tensorflow as tf tf.rawops.SparseSparseMaximum aindices=1, avalues = 0.1 , ashape = 2, bindices=, bvalues =2 , bshape = 2, Remediati...

Cisco IOS XE Software 安全漏洞

Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that originates from imprope...

Gas Cost Vulnerability

Lines of code Vulnerability details The fuse function iterates through the provided characterList to check for duplicate characters and validate the trays. If the length of characterList is too high, the gas cost for executing the fuse function will also be high, potentially reaching the block ga...

Unsafe system contract verification

Lines of code Vulnerability details Impact On the following function: function isSystemContractaddress address internal pure returns bool return uint160address = uint160MAXSYSTEMCONTRACTADDRESS; it does check whether an address is a system contract by checking whether it is smaller than...

CVE-2023-28116 Buffer overflow in L2CAP due to misconfigured MTU

Contiki-NG is an open-source, cross-platform operating system for internet of things IoT devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer packetbuf for processing o...

CVE-2023-28450

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020...

CVE-2023-28450

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020...

CVE-2023-22424

Use-after-free vulnerability exists in Kostac PLC Programming Software Former name: Koyo PLC Programming Software Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a speciall...

Multiple vulnerabilities in Trend Micro Maximum Security

Overview Trend Micro Incorporated has released security updates for Trend Micro Maximum Security. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Trend Micro Maximum Security 2022 Arbitrary file deletion due to link...

Zephyr 安全漏洞

Zephyr is an extensible real-time operating system RTOS open-sourced by the Zephyr Project. A security vulnerability exists in Zephyr version v2.4.0, which stems from invalid ACLMTU packets not being handled correctly during hci host stack initialization, and which can be exploited by an attacker...

DEBIAN-CVE-2023-0568

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value,...

SUSE CVE-2022-41725

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...

SUSE CVE-2004-0656

The acceptclient function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections...

SUSE CVE-2004-1060

Multiple TCP/IP and ICMP implementations, when using Path MTU PMTU discovery PMTUD, allow remote attackers to cause a denial of service network throughput reduction for TCP connections via forged ICMP "Fragmentation Needed and Don't Fragment was Set" packets with a low next-hop MTU value, aka the...

SUSE CVE-2005-4352

The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value 19 Jan 2038, which then wraps around to the minimum value 13 Dec 190...

SUSE CVE-2006-4484

Buffer overflow in the LWZReadByte function in ext/gd/libgd/gdgifin.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with inputcodesize greater than MAXLWZBITS, which triggers an overflow when initializing the table array...

SUSE CVE-2006-5540

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service daemon crash via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."...

SUSE CVE-2007-3948

connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service failed assertion via a large number of connection attempts...

SUSE CVE-2008-2376

Integer overflow in the rbaryfill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service crash or possibly have unspecified other impact via a call to the Arrayfill method with a start aka beg argument greater than ARYMAXSIZE. NOTE: this...

SUSE CVE-2009-4017

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service resource exhaustion, and makes it easier for remote attackers to exploit local file inclusi...