Python 代码问题漏洞

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python that stems from the urllib.parse.urlsplit function and the urlparse...

PT-2024-8708 · Siemens · Solid Edge

Name of the Vulnerable Software and Affected Versions: Solid Edge SE2024 versions prior to V224.0 Update 9 Description: A vulnerability has been identified that allows an attacker to execute code in the context of the current process by exploiting an out of bounds read past the end of an allocate...

CVE-2024-35425

vmir e8117 was discovered to contain a segmentation violation via the functionprepareparse function at /src/vmirfunction.c...

CVE-2024-35423

vmir e8117 was discovered to contain a heap buffer overflow via the wasmparsesectionfunctions function at /src/vmirwasmparser.c...

Security update for libheif

This update for libheif fixes the following issues: CVE-2024-41311: Fixed out-of-bounds read and write in ImageOverlay:parse due to decoding a heif file containing an overlay image with forged offsets bsc1231714. Patch Instructions: To install this SUSE update use the SUSE recommended installatio...

VMIR 安全漏洞

VMIR is a standalone library written in C by the individual developer Andreas Smas. A security vulnerability exists in VMIR version e8117, which stems from a segmentation violation in the functionprepareparse function...

VMIR 安全漏洞

VMIR is a standalone library written in C by the individual developer Andreas Smas. A security vulnerability exists in VMIR version e8117, which stems from a segmentation violation in the wasmparseblock function...

VMIR 安全漏洞

VMIR is a standalone library written in C by the individual developer Andreas Smas. A security vulnerability exists in VMIR version e8117, which stems from a heap buffer overflow in the wasmparsesectionfunctions function...

PT-2024-26494 · Vmir · Vmir

Name of the Vulnerable Software and Affected Versions: vmir e8117 Description: A segmentation violation issue was discovered in vmir via the function prepare parse function located at /src/vmir function.c. Recommendations: For vmir e8117, as a temporary workaround, consider disabling the function...

PT-2024-26490 · Vmir · Vmir

Name of the Vulnerable Software and Affected Versions: vmir version e8117 Description: A segmentation violation issue was discovered in vmir via the wasm parse block function at /src/vmir wasm parser.c. This issue occurs due to a problem in the wasm parse block function, which can cause a...

PT-2024-26492 · Unknown · Vmir E8117

Name of the Vulnerable Software and Affected Versions: vmir e8117 version e8117 Description: A heap buffer overflow issue was discovered in vmir e8117 via the wasm parse section functions function at /src/vmir wasm parser.c. This issue occurs due to a heap buffer overflow, which can be exploited...

EulerOS 2.0 SP9 : expat (EulerOS-SA-2024-2827)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time.CVE-2023-52426 An issue was discovered in libexp...

DEBIAN-CVE-2024-50165

In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve param-string when parsing mount options In bpfparseparam, keep the value of param-string intact so it can be freed later. Otherwise, the kmalloc area pointed to by param-string will be leaked as shown below:...

BIT-SUITECRM-2024-49774 ModuleScanner flaws in SuiteCRM

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But this checks can be bypassed with some syntax constructions. SuiteCRM uses tokengetall to par...

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

VulnCheck KEV: CVE-2024-53104

Linux kernel contains an out-of-bounds write vulnerability in the uvcparsestreaming component of the USB Video Class UVC driver that could allow for physical escalation of privilege...

AZL-52230 CVE-2024-51744 affecting package coredns for versions less than 1.11.1-18

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52248 CVE-2024-51744 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-25

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52233 CVE-2024-51744 affecting package packer for versions less than 1.9.5-12

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...