expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...

GHSA-57J2-W4CX-62H2 Deeply nested json in jackson-databind

jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects...

DEBIAN-CVE-2021-26401

LFENCE/JMP mitigation V2-2 may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs...

expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...

expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...

Critical: expat

Issue Overview: A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

Critical: expat

Issue Overview: A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

USN-5317-1 linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oem-5.14, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities

Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-25636 Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida...

PT-2022-16844 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 21.0.8 Nextcloud Server versions prior to 22.2.4 Nextcloud Server versions prior to 23.0.1 Description: The issue affects Nextcloud server, an open source, self-hosted cloud style services platform. An...

AMD and Intel Processor Advisory - Lenovo Support US

No description provided...

AMD Processors 信息泄露漏洞

AMD Processors is a processor from the American company AMD. AMD Processors suffers from an information disclosure vulnerability that stems from deficiencies in the hardware mitigations that AMD has added to their products. An attacker could exploit this vulnerability to obtain sensitive...

AMD CPUs 安全漏洞

AMD CPUs is a GPU component from AMD Corporation. A security vulnerability exists in AMD CPUs that stems from an attacker being able to bypass access restrictions to AMD processor data via the branch predictor selector lfence/jmp to read sensitive information...

PT-2022-1954 · Intel +8 · Intel Processors +8

Name of the Vulnerable Software and Affected Versions: Intel Processors affected versions not specified Description: The issue is related to errors in parameter processing in the implementation of the Intra-mode BTI IMBTI mode of Intel processor microcode. It may allow an authorized user to...

UBUNTU-CVE-2022-24685

HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6...

[SECURITY] Fedora 34 Update: qemu-5.2.0-9.fc34

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

Inside the Lab Where Intel Tries to Hack Its Own Chips

Researchers at iSTARE have to think like the bad guys, finding critical flaws before processors go to production...

Updated expat packages fix security vulnerability

Passing malformed 2- and 3-byte UTF-8 sequences e.g. from start tag names to the XML processing application on top of Expat can cause arbitrary damage e.g. code execution depending on how invalid UTF-8 is handled inside the XML processor; validation was not their job but Expat's. Exploits with co...

Sha256 Crypt和Sha512 Crypt 安全漏洞

Both Sha256 Crypt and Sha512 Crypt are a cryptographic hash function by the individual developer Ulrich Drepper. A security vulnerability exists in Sha256 Crypt and Sha512 Crypt that allows an attacker to cause a denial of service CPU consumption by exploiting the vulnerability because the...

Fedora: Security Advisory for zsh (FEDORA-2022-adf0c6d196)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23578 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23578 Source advisory: OSV:GHSA-8R7C-3CM2-3H8F...