Misinterpretation of Input

Overview Affected versions of this package are vulnerable to Misinterpretation of Input in tarfile.py, which may convert AREGTYPE \x00 blocks to DIRTYPE when processing multi-block input such as GNUTYPELONGNAME or GNUTYPELONGLINK. Remediation A fix was pushed into the master branch but not yet...

CVE-2023-22999

In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3qcomcreateursusbplatdev return value expects it to be NULL in the error case, whereas it is actually an error pointer...

Auth0 angular-jwt misinterprets allowlist as regex

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain allowlist filter via a crafted domain. For example, if the setting is initialized...

DEBIAN-CVE-2007-4200

ntfs.c in fsstat in Brian Carrier The Sleuth Kit TSK before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service application crash and prevent examination of certain NTFS files via a...