11 matches found
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the bz2.BZ2Decompressor objects. An attacker can cause out-of-bounds writes to a stack buffer by reusing a decompressor object after a decompression error and providing crafted input. This can result in...
Arbitrary Code Injection
Overview llm is a CLI utility and Python library for interacting with Large Language Models from organizations like OpenAI, Anthropic and Gemini plus local models installed on your own machine. Affected versions of this package are vulnerable to Arbitrary Code Injection via the --functions...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the parsing of dimension names. An attacker can achieve arbitrary code execution by enticing a user to open a specially crafted file or visit a malicious page, which leads to improper validation of...
Protection Mechanism Failure
Overview mad-proxy is a lightweight HTTP/HTTPS interception proxy with real-time traffic firewall and domain block. Affected versions of this package are vulnerable to Protection Mechanism Failure via the HTTP/HTTPS Traffic. An attacker can access sensitive traffic by bypassing established...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference affecting VerifyVoteExtension and vote verification functions. An attacker can cause intermittent validator panics and disrupt consensus operations by submitting a VoteExtension message with the blockhash field...
Synchronous Access of Remote Resource without Timeout
Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Synchronous Access of Remote Resource without Timeout by using the option for connecting to an external filesystem via the sshfs-client. An attacker can cause the...
HTTP Request Smuggling
Overview llhttp is a set of Ruby bindings for llhttp. Affected versions of this package are vulnerable to HTTP Request Smuggling when the llhttp parser in the http module does not adequately delimit HTTP requests with CRLF sequences. Remediation There is no fixed version for llhttp. References -...
Inadequate Encryption Strength
Overview randompasswordgenerator generates a random password with various useful options. Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of Kernelrand to generate passwords, which, as a result of its cyclic nature, can facilitate password...
Double Free
Overview Affected versions of this package are vulnerable to Double Free via the component sixel_chunk_destroy at /root/libsixel/src/chunk.c. Remediation There is no fixed version for libsixel. References - GitHub Issue...
Command Injection
Overview lycwed-spritesheetjs is a command-line spritesheet a.k.a. Texture Atlas generator written in Node.js. Affected versions of this package are vulnerable to Command Injection. PoC var spritesheet = require("lycwed-spritesheetjs"); spritesheet("./", { fuzz: "& touch 111233 ", ext: "json" }, functio...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection: a malicious user could inject commands through the data variable. Affected Area require('../server/getJsonByCurl')(mock2easy, function (error, stdout) { if (error) return res.json(500, error); res.json(JSON.parse(stdout)); }, '',...