GPT-SoVITS-WebUI 命令注入漏洞

GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI openslice function, which can be exploited by an attacker to execute arbitrary commands on the system...

allyaudio (>=0.1.0 <=0.4.0), ambisonic (>=0.4.0 <=0.4.1) +130 more potentially affected by unknown CVE via slice-ring-buffer (=0.3.4)

slice-ring-buffer CARGO version =0.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on slice-ring-buffer and may be impacted: - allyaudio =0.1.0, =0.4.0, =0.0.9, =0.0.3, =0.0.1, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.0.0, =0.1.0 - bevykiraaudio =0.4.0 and...

RUSTSEC-2025-0044 Four unique double-free vulnerabilities triggered via safe APIs

The crate slice-ring-buffer was developed as a fork of slice-deque to continue maintenance and provide security patches, since the latter has been officially unmaintained RUSTSEC-2020-0158. While slice-ring-buffer has addressed some previously reported memory safety issues inherited from its fork...

PT-2025-29533 · Crates.Io · Slice-Ring-Buffer

The crate slice-ring-buffer was developed as a fork of slice-deque to continue maintenance and provide security patches, since the latter has been officially unmaintained RUSTSEC-2020-0158. While slice-ring-buffer has addressed some previously reported memory safety issues inherited from its fork...

gstreamer1-plugins-bad-free: mingw-gstreamer1-plugins-bad-free: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

A flaw was found in GStreamer H265 Codec Parsing gstreamer1-plugins-bad-free. This vulnerability allows remote attackers to execute arbitrary code by parsing H265 slice headers...

Denial Of Service (DoS)

github.com/gofiber/fiber/v2 is vulnerable to Denial Of Service DoS. The vulnerability is due to improper input handling in the Ctx.BodyParser method panicking when processing user-supplied input with negative slice indices instead of returning an error...

CVE-2024-32646

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

CVE-2024-34050

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64b216 | uint64b18 | uint64b0" in reader.go...

CVE-2023-23143

Buffer overflow vulnerability in function avcparseslice in file mediatools/avparsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master...

CVE-2023-21298

In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21295

In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21294

In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2022-20335

In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2022-20004

In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2021-37686

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...

CVE-2021-41751

Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecmabuiltinarrayprototypeobjectslice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021...

CVE-2020-6840

In mruby 2.1.0, there is a use-after-free in hashslice in mrbgems/mruby-hash-ext/src/hash-ext.c...

CVE-2020-29245

dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData...

CVE-2020-29244

dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame...

CVE-2019-15543

An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases...