
1705 matches found

NVD
added 2023/07/11 6:15 p.m. · 17 views

CVE-2023-36867

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...

7.8 CVSS · 7.9 AI score · 0.0062 EPSS
Exploits 0 · References 1
Prion
added 2023/07/11 6:15 p.m. · 18 views

Remote code execution

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...

4.4 CVSS · 8 AI score · 0.0062 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/07/11 5:3 p.m. · 21 views

CVE-2023-36867 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability

...

7.8 CVSS · 8 AI score · 0.0062 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/07/11 5:3 p.m. · 25 views

CVE-2023-36867 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability

...

7.8 CVSS · 6.8 AI score · 0.0062 EPSS
Exploits 0 · References 1
CVE
added 2023/07/11 5:3 p.m. · 130 views

CVE-2023-36867

CVE-2023-36867 pertains to the Visual Studio Code GitHub Pull Requests and Issues Extension and describes a remote code execution vulnerability. The CVE entry indicates the vulnerability could allow code execution with the attacker’s privileges, with the impact described as arbitrary code execut...

7.8 CVSS · 8 AI score · 0.0062 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/07/11 12:0 a.m. · 3 views

PT-2023-3989 · Microsoft · Visual Studio Code GitHub Pull Requests/Issues Extension

Name of the Vulnerable Software and Affected Versions: Visual Studio Code GitHub Pull Requests and Issues Extension (affected versions not specified). Description: The issue is related to errors in processing input data in the Visual Studio Code GitHub Pull Requests and Issues Extension. Exploitatio...

7.8 CVSS · 8.3 AI score · 0.0062 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2023/07/11 12:0 a.m. · 37 views

Security Update for Microsoft Visual Studio Code GitHub Pull Requests and Issues Extension (July 2023)

The Microsoft Visual Studio Code GitHub Pull Requests and Issues Extension is prior to version 0.66.2. It is, therefore, affected by a remote code execution vulnerability. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary...

7.8 CVSS · 8.7 AI score · 0.0062 EPSS
Exploits 0 · References 4
GitHub Security Blog
added 2023/07/06 9:14 p.m. · 25 views

Apache InLong Deserialization of Untrusted Data Vulnerability

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the autoDeserialize option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pic...

7.5 CVSS · 6.8 AI score · 0.01228 EPSS
Exploits 0 · References 4 · Affected Software 2
OSV
added 2023/07/06 9:14 p.m. · 17 views

GHSA-757P-7HP5-PQMR Apache InLong Insufficient Session Expiration vulnerability

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to...

9.1 CVSS · 9.2 AI score · 0.01162 EPSS
Exploits 0 · References 5
OSV
added 2023/06/30 10:19 p.m. · 2 views

GHSA-HM9V-VJ3R-R55M PyPDF2 vulnerable to possible Infinite Loop when reading malformed objects

Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such ...

6.2 CVSS · 7.2 AI score · 0.00521 EPSS
Exploits 1 · References 6
OSV
added 2023/06/30 7:15 p.m. · 2 views

DEBIAN-CVE-2023-36810

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of t...

6.5 CVSS · 6.8 AI score · 0.00568 EPSS
Exploits 1 · References 1
NVD
added 2023/06/27 10:15 p.m. · 9 views

CVE-2023-36464

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if __parse_content_stream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...

6.2 CVSS · 6.2 AI score · 0.00342 EPSS
Exploits 1 · References 3
Prion
added 2023/06/27 10:15 p.m. · 15 views

Design/Logic Flaw

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if __parse_content_stream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...

1.9 CVSS · 5.3 AI score · 0.00342 EPSS
Exploits 1 · References 3 · Affected Software 2
Cvelist
added 2023/06/27 9:24 p.m. · 20 views

CVE-2023-36464 Infinite Loop when a comment isn't followed by a character in pypdf

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if __parse_content_stream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...

6.2 CVSS · 6.3 AI score · 0.00342 EPSS
Exploits 1 · References 3
Debian CVE
added 2023/06/27 9:24 p.m. · 17 views

CVE-2023-36464

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if __parse_content_stream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...

6.2 CVSS · 5.8 AI score · 0.00342 EPSS
Exploits 1
OSV
added 2023/06/21 10:6 p.m. · 14 views

GHSA-WFG4-322G-9VQV memoffset allows reading uninitialized memory

memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::size_of may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::align_of. Older implementati...

7.1 AI score
Exploits 0 · References 4
OSV
added 2023/06/21 12:0 p.m. · 13 views

RUSTSEC-2023-0045 memoffset allows reading uninitialized memory

memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::size_of may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::align_of. Older implementati...

7.1 AI score
Exploits 0 · References 3
OSV
added 2023/06/16 12:15 p.m. · 1 view

USN-6170-1 libpod vulnerabilities

It was discovered that Podman incorrectly handled certain images. An attacker could possibly use this issue to pull an untrusted image...

5.8 AI score
Exploits 0 · References 2
CVE
added 2023/06/14 9:26 p.m. · 61 views

CVE-2023-2820

CVE-2023-2820 affects Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) via the faye endpoint. The vulnerability may allow an attacker on an adjacent network to obtain credentials to integrated services through MITM or session-traffic cryptanalysis, enabling impersonation of PTR/T...

6.8 CVSS · 6.1 AI score · 0.0025 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/06/14 9:26 p.m. · 22 views

CVE-2023-2820

An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull PTR/TRAP could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic...

6.1 CVSS · 6.4 AI score · 0.0025 EPSS
Exploits 0 · References 1