16 matches found
EUVD-2018-0090
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-17175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema only option treats an empty list as implying no only option, which allows...
GHSA-53Q9-R3PM-6PQ6 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
Description I found a Remote Command Execution RCE vulnerability in PyTorch. When loading model using torch.load with weightsonly=True, it can still achieve RCE. Background knowledge https://github.com/pytorch/pytorch/security As you can see, the PyTorch official documentation considers using...
CVE-2024-57892
CVE-2024-57892 relates to the Linux kernel OCFS2 quota handling. The issue is a slab-use-after-free when remounting an ocfs2 filesystem as read-only and a quota_getnextquota syscall is used. The root cause is a dangling dqi_priv pointer that is freed during remount but not cleared, combined with ...
SUSE CVE-2018-17175
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
CVE-2020-1661
On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon jdhcp process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forwar...
USN-4466-2 curl vulnerability
USN-4466-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPTCONNECTONLY option. This could result in data being sent to the wrong destination,...
USN-4466-1 curl vulnerability
Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPTCONNECTONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information...
wrong connect-only connection
An application that performs multiple requests with libcurl's multi API and sets the CURLOPTCONNECTONLY option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl picks and uses the wrong connection - and instead picks another one the...
GHSA-9Q2P-FJ49-VPXJ In marshmallow library the schema "only" option treats an empty list as implying no "only" option
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
DEBIAN-CVE-2018-17175
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
CVE-2018-17175
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
CVE-2018-17175
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
PYSEC-2018-67
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
UBUNTU-CVE-2018-17175
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the...
PT-2018-13935
Name of the Vulnerable Software and Affected Versions marshmallow library versions prior to 2.15.1 marshmallow library versions 3.x prior to 3.0.0b9 Description The issue arises from the schema "only" option in the marshmallow library, where an empty list is treated as if no "only" option was...