6715 matches found
DEBIAN-CVE-2021-33194
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service infinite loop via crafted ParseFragment input...
GHSA-QW5H-7F53-XRP6 Stack overflow in `ParseAttrValue` with nested tensors
Impact The implementation of ParseAttrValue can be tricked into stack overflow due to recursion by giving in a specially crafted input. Patches We have patched the issue in GitHub commit e07e1c3d26492c06f078c7e5bf2d138043e199c1. The fix will be included in TensorFlow 2.5.0. We will also cherrypic...
UBUNTU-CVE-2021-28903
A stack overflow in libyang = v1.0.225 can cause a denial of service through function lyxmlparsemem. lyxmlparseelem function will be called recursively, which will consume stack space and lead to crash...
kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow
A flaw was found in the HDLCPPP module of the Linux kernel. Memory corruption and a read overflow is caused by improper input validation in the pppcpparsecr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data...
python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters
The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request...
libarchive: Out-of-bounds read in parse_file_info
An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader...
Telegram 缓冲区错误漏洞
Telegram is an instant messaging mobile application. A heap buffer overflow vulnerability exists in the custom derived LottieParserImpl :: parseDashProperty function of the rlottie library in Telegram for Android prior to version 7.1.0 2090, iOS prior to version 7.1, and macOS prior to version 7....
PYSEC-2021-741
TensorFlow is an end-to-end open source platform for machine learning. The implementation of ParseAttrValuehttps://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attrvalueutil.ccL397-L453 can be tricked into stack overflow due to recursion...
CVE-2021-32613
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS...
CVE-2021-32613
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS...
CVE-2021-32613
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS...
Double free
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS...
CVE-2021-32613
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS...
CVE-2021-32613
Radare2 (affected up to version 5.3.0) contains a double-free vulnerability in the pyc parser triggered by a crafted file, which can lead to a denial of service. The issue has been addressed upstream with a fix in version 5.3.1 (per security advisories and patch notes from multiple sources). If u...
CVE-2021-32613
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS...
Debian: Security Advisory (DLA-2656-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OS Command Injection
git-parse is vulnerable to OS command injection. Untrusted input in gitDiff is passed into an exec function without validation, allowing an attacker to execute arbitrary OS commands on the host OS...
GHSA-F98M-Q3HR-P5WQ Prototype Pollution in locutus
All versions of package locutus prior to version 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parsestr function...
Prototype Pollution in templ8
All versions of package templ8 up to and including 0.0.44 are vulnerable to Prototype Pollution via the parse function...
GHSA-C7M7-4257-H698 Prototype Pollution in templ8
All versions of package templ8 up to and including 0.0.44 are vulnerable to Prototype Pollution via the parse function...