1430 matches found

CNNVD
added 2022/06/27 12:0 a.m. · 0 views

split-html-to-chars security vulnerability

split-html-to-chars is used to split HTML into characters. A denial of service vulnerability exists in split-html-to-chars v1.0.5, which can be exploited by an attacker to cause a denial of service when splitting crafted invalid html...

7.5 CVSS · 5.6 AI score · 0.00334 EPSS
Exploits 1 · References 2
Positive Technologies
added 2022/06/27 12:0 a.m. · 2 views

PT-2022-11325 · Unknown · Split-Html-To-Chars

Name of the Vulnerable Software and Affected Versions: split-html-to-chars version 1.0.5. Description: A Regular Expression Denial of Service (ReDoS) issue was found in the software when it processes crafted invalid HTML. This occurs due to inefficient regular expression patterns that can lead to...

7.5 CVSS · 7.3 AI score · 0.00334 EPSS
Exploits 1 · References 5
CNNVD
added 2022/06/27 12:0 a.m. · 1 views

Huawei MindSpore Community numeric error vulnerability

Huawei MindSpore Community is an open source deep learning framework from Huawei China. A numerical error vulnerability exists in versions prior to Huawei MindSpore Community 1.3.0, which stems from the fact that when performing the initialization operation of the Split operator, if a dimension in...

7.5 CVSS · 5.6 AI score · 0.00334 EPSS
Exploits 0 · References 2
RedHat Linux
added 2022/06/16 3:49 p.m. · 3 views

grub2: Out-of-bound write when handling split HTTP headers

A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a maliciou...

8.1 CVSS · 7.4 AI score · 0.00151 EPSS
Exploits 0 · References 4
RedHat Linux
added 2022/06/16 3:39 p.m. · 2 views

grub2: Out-of-bound write when handling split HTTP headers

A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a maliciou...

8.1 CVSS · 7.4 AI score · 0.00151 EPSS
Exploits 0 · References 4
RedHat Linux
added 2022/06/16 2:57 p.m. · 5 views

grub2: Out-of-bound write when handling split HTTP headers

A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a maliciou...

8.1 CVSS · 7.4 AI score · 0.00151 EPSS
Exploits 0 · References 4
RedHat Linux
added 2022/06/16 1:52 p.m. · 4 views

grub2: Out-of-bound write when handling split HTTP headers

A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a maliciou...

8.1 CVSS · 7.4 AI score · 0.00151 EPSS
Exploits 0 · References 4
Veracode
added 2022/06/16 4:50 a.m. · 30 views

Denial Of Service (DoS)

grub2 is vulnerable to denial of service. The vulnerability exists due to out-of-bounds write when handling split HTTP headers which allows an attacker to crash the application via malicious input...

8.1 CVSS · 3.7 AI score · 0.00151 EPSS
Exploits 0 · References 5 · Affected Software 2
Tenable Nessus
added 2022/06/16 12:0 a.m. · 104 views

RHEL 8 : grub2, mokutil, shim, and shim-unsigned-x64 (RHSA-2022:5095)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5095 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular...

8.1 CVSS · 7.1 AI score · 0.00151 EPSS
Exploits 0 · References 18
Tenable Nessus
added 2022/06/16 12:0 a.m. · 40 views

RHEL 8 : grub2, mokutil, and shim (RHSA-2022:5098)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5098 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular...

8.1 CVSS · 7.1 AI score · 0.00151 EPSS
Exploits 0 · References 18
OpenVAS
added 2022/06/13 12:0 a.m. · 23 views

SUSE: Security Advisory (SUSE-SU-2022:2038-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS · 6.9 AI score · 0.00151 EPSS
Exploits 0 · References 12
OpenVAS
added 2022/06/11 12:0 a.m. · 22 views

openSUSE: Security Advisory for grub2 (SUSE-SU-2022:2035-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1 CVSS · 7.1 AI score · 0.00151 EPSS
Exploits 0 · References 2
Openbugbounty
added 2022/06/07 5:37 p.m. · 11 views

split-cityexcursions.com Cross Site Scripting vulnerability OBB-2641248

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
CNNVD
added 2022/06/07 12:0 a.m. · 1 views

grub2 buffer error vulnerability

grub2 is a Linux system boot program from the US GNU community. A buffer error vulnerability exists in grub2 that stems from an out-of-bounds write when handling split HTTP headers...

8.1 CVSS · 7.4 AI score · 0.00151 EPSS
Exploits 0 · References 19
Github Security Blog
added 2022/05/24 10:21 p.m. · 27 views

AttesterSlashing number overflow

Impact: Possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Since we represent uint64 values as native javascript numbers, there is an issue when those variables with large (greater than 2^53) uint64 values are included on chain. In those...

7.5 CVSS · 7.2 AI score · 0.0042 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/24 10:21 p.m. · 16 views

GHSA-CVJ7-5F3C-9VG9 AttesterSlashing number overflow

Impact: Possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Since we represent uint64 values as native javascript numbers, there is an issue when those variables with large (greater than 2^53) uint64 values are included on chain. In those...

7.5 CVSS · 7.4 AI score · 0.0042 EPSS
Exploits 0 · References 5
NVD
added 2022/05/24 3:15 p.m. · 9 views

CVE-2022-29219

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

7.5 CVSS · 0.0042 EPSS
Exploits 0 · References 3
OSV
added 2022/05/24 2:15 p.m. · 16 views

CVE-2022-29219 Integer Overflow in Lodestar

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

7.5 CVSS · 7.4 AI score · 0.0042 EPSS
Exploits 0 · References 5
Cvelist
added 2022/05/24 2:15 p.m. · 9 views

CVE-2022-29219 Integer Overflow in Lodestar

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

7.5 CVSS · 7.7 AI score · 0.0042 EPSS
Exploits 0 · References 3
CVE
added 2022/05/24 2:15 p.m. · 90 views

CVE-2022-29219

Lodestar (TypeScript Ethereum Consensus) before v0.36.0 is vulnerable due to using native JavaScript numbers for uint64 values in AttesterSlashing/ProposerSlashing, causing rounding errors for large values (>2^53). This can yield consensus splits or valid Slashing being treated as invalid, pot...

7.5 CVSS · 7.4 AI score · 0.0042 EPSS
Exploits 0 · References 3 · Affected Software 1