Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for microcontrollers with limited resources. A stack overflow vulnerability exists in parsestatement in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for resource-constrained microcontrollers. A stack overflow vulnerability exists in parsestatementlist in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via a specially crafted file to cause a denial of servi...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for microcontrollers with limited resources. A stack overflow vulnerability exists in parseequality in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for microcontrollers with limited resources. A stack overflow vulnerability exists in parsecomparison in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for microcontrollers with limited resources. A stack overflow vulnerability exists in parsemuldivrem in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for resource-constrained microcontrollers. A stack overflow vulnerability exists in parseunary in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for resource-constrained microcontrollers. A stack overflow vulnerability exists in parseblock in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for microcontrollers with limited resources. A stack overflow vulnerability exists in parsevalue in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A stack overflow vulnerability exists in parsearray in Cesanta MJS version 1.20.1...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for microcontrollers with limited resources. A stack overflow vulnerability exists in parseshifts in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++, designed for microcontrollers with limited resources. A stack overflow vulnerability exists in parseplusminus in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...

DEBIAN-CVE-2021-33194

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service infinite loop via crafted ParseFragment input...

GHSA-QW5H-7F53-XRP6 Stack overflow in `ParseAttrValue` with nested tensors

Impact The implementation of ParseAttrValue can be tricked into stack overflow due to recursion by giving in a specially crafted input. Patches We have patched the issue in GitHub commit e07e1c3d26492c06f078c7e5bf2d138043e199c1. The fix will be included in TensorFlow 2.5.0. We will also cherrypic...

UBUNTU-CVE-2021-28903

A stack overflow in libyang = v1.0.225 can cause a denial of service through function lyxmlparsemem. lyxmlparseelem function will be called recursively, which will consume stack space and lead to crash...

kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow

A flaw was found in the HDLCPPP module of the Linux kernel. Memory corruption and a read overflow is caused by improper input validation in the pppcpparsecr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data...

python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters

The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request...

libarchive: Out-of-bounds read in parse_file_info

An out-of-bounds read flaw exists in parsefileinfo in archivereadsupportformatiso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archivereadformatiso9660readheader...

Telegram 缓冲区错误漏洞

Telegram is an instant messaging mobile application. A heap buffer overflow vulnerability exists in the custom derived LottieParserImpl :: parseDashProperty function of the rlottie library in Telegram for Android prior to version 7.1.0 2090, iOS prior to version 7.1, and macOS prior to version 7....

PYSEC-2021-741

TensorFlow is an end-to-end open source platform for machine learning. The implementation of ParseAttrValuehttps://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attrvalueutil.ccL397-L453 can be tricked into stack overflow due to recursion...

CVE-2021-32613

In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS...