UBUNTU-CVE-2022-45907

In PyTorch before trunk/89695, torch.jit.annotations.parsetypeline can cause arbitrary code execution because eval is used unsafely...

PYSEC-2022-43015

In PyTorch before trunk/89695, torch.jit.annotations.parsetypeline can cause arbitrary code execution because eval is used unsafely...

PyTorch 代码注入漏洞

PyTorch is a Python package in the PyTorch open source. A code injection vulnerability exists in versions prior to PyTorch trunk/89695 that stems from an unsafe use of eval in its torch.jit.annotations.parsetypeline component leading to arbitrary code execution...

AZL-41470 CVE-2022-45873 affecting package systemd-bootstrap for versions less than 250.3-17

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parseelfobject in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested...

DEBIAN-CVE-2022-45873

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parseelfobject in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested...

DEBIAN-CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...

systemd 资源管理错误漏洞

systemd is a Linux-based system and service manager from the individual developer Lennart Poettering in Germany. It is compatible with SysV and LSB startup scripts and provides a framework for representing dependencies between system services. A security vulnerability exists in systemd versions 2...

expat: a use-after-free in the doContent function in xmlparse.c

A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XMLResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some unclosed tags,...

Prototype Pollution

parse-server is vulnerable to prototype pollution. A remote attacker is able to bypass the requestKeywordDenylist option via a compromised parse server cloud code webhook target endpoint, resulting in prototype pollution...

Prototype Pollution

parse-server is vulnerable to prototype pollution. A remote attacker is able to bypass the requestKeywordDenylist option via cloud code webhooks or triggers and save malicious keywords on the database by passing crafted payloads through RestWrite function...

golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension

A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...

kernel: LSM: general protection fault in legacy_parse_param

In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacyparseparam The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular...

golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

Parse Server _expandResultOnKeyPath Prototype Pollution Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parse Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the \expandResultOnKeyPath function. The issue results from the lack of control over...

Parse Server transformUpdate Prototype Pollution Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the transformUpdate function. The issue results from the lack of control over modifications...

Parse Server buildUpdatedObject Prototype Pollution Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parse Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the buildUpdatedObject function. The issue results from the lack of control over modifications ...

PT-2022-35073 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: A memory leak issue was discovered in the uvc gpio parse function of the uvcvideo media module. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

PT-2022-36766 · Git +1 · Gstreamer

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow write crash. The crash involves the functions parse subrip, parse webvtt, and gst sub parse chain...

PT-2022-36764 · Git +1 · Opensis

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap buffer overflow error, specifically a READ 1 type crash. The crash occurs in the following functions: parse content length...

PT-2022-7517 · Pytorch +1 · Pytorch +1

Name of the Vulnerable Software and Affected Versions: PyTorch versions prior to 1.13.1 Description: The issue is related to the incorrect management of code generation in the torch.jit.annotations.parse type line function of the PyTorch machine learning framework. This can allow a remote attacke...