Out-of-bounds
dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData...
Design/Logic Flaw
dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readPICFrame...
CVE-2020-29245
dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData...
CVE-2020-29245
The CVE-2020-29245 issue affects the Go package github.com/dhowden/tag, where multiple code paths panic due to out-of-bounds reads in readAtomData and related parsing paths (e.g., readPICFrame/readAPICFrame). The root cause is improper bounds checking, leading to panics when parsing user-supplied...
CVE-2020-29244
The CVE-2020-29244 entry concerns the Go library github.com/dhowden/tag. It is triggered by improper bounds checking in functions such as readTextWithDescrFrame (and related readPICFrame/readAtomData paths), causing a panic: runtime error: slice bounds out of range. Exposures reported as a Denial...
CVE-2020-29244
dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame...
CVE-2020-29243
CVE-2020-29243 affects the Go package github.com/dhowden/tag. The issue is an out-of-bounds read panic triggered in readAPICFrame (and related code paths) that can cause a denial of service. Several connected advisories (GHSA entries and OSV notes) describe improper bounds checking across methods...
CVE-2020-29242
The CVE affects the Go library github.com/dhowden/tag. It describes a panic: runtime error: index out of range in readPICFrame, caused by improper bounds handling. This leads to denial-of-service via a crash when parsing PIC frames. Public references in the Connected documents corroborate a DoS v...
CVE-2020-35381
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call...
Out-of-bounds
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.5.23 security and bug fix update
Red Hat OpenShift Container Platform release 4.5.23 is now available with updates to packages and images that fix several bugs. This release includes a security update for Kubernetes for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having a security...
Denial Of Service (DoS)
ImageMagick is vulnerable to denial of service (DoS). The vulnerability exists in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker could exploit this vulnerability by providing untrusted input data, which may lead to a divide-by-zero runtime error and application crash...
CVE-2018-17143
The html package (aka x/net/html) through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call...
CVE-2018-17847
The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" (index out of range) in nodeStack.pop in node.go, called from parser.clearActiveFormattingElements, during an html.Parse call...
CVE-2018-17142
The html package (aka x/net/html) through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call...
openSUSE: Security Advisory for links (openSUSE-SU-2019:2185-1)
The remote host is missing an update for the...
Security update for links (moderate)
openSUSE Security Update: Security update for links Announcement ID: openSUSE-SU-2019:2185-1 Rating: moderate References: 1149886 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that contains security fixes can now be...