
2197 matches found

Vulnrichment
added 2024/08/12 3:35 p.m. | 15 views

CVE-2024-42482 fish-shop/syntax-check Improper Neutralization of Delimiters

fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the pattern input, specifically the command separator ; and the command substitution characters ( and ), means that arbitrary command injection is possible by modification of the input...

4.8 CVSS | 7.3 AI score | 0.00849 EPSS
Exploits: 0 | References: 3

Cvelist
added 2024/08/12 3:35 p.m. | 14 views

CVE-2024-42482 fish-shop/syntax-check Improper Neutralization of Delimiters

fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the pattern input, specifically the command separator ; and the command substitution characters ( and ), means that arbitrary command injection is possible by modification of the input...

4.8 CVSS | 0.00849 EPSS
Exploits: 0 | References: 3

Oracle linux
added 2024/08/12 12:00 a.m. | 44 views

Unbreakable Enterprise kernel-container security update

5.4.17-2136.334.6.el7 - loop: Fix a race between loop detach and loop open Gulam Mohamed Orabug: 36197800 - x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs Alexandre Chartre Orabug: 36672495 - x86/bhi: Avoid warning in DB handler due to BHI mitigation Alexandre Chartre...

9.8 CVSS | 10 AI score | 0.00449 EPSS
Exploits: 2

CNNVD
added 2024/08/12 12:00 a.m. | 2 views

syntax-check Security Vulnerability

syntax-check is an open source syntax checking tool from fish-shop. A security vulnerability exists in syntax-check, which stems from improper delimiter neutralization in pattern input...

6.5 CVSS | 6.6 AI score | 0.00849 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2024/08/12 12:00 a.m. | 4 views

PT-2024-29979 · Fish Shop · Syntax-Check

Name of the Vulnerable Software and Affected Versions: fish-shop/syntax-check versions prior to v1.6.12 fish-shop/syntax-check versions prior to v2.0.0 Description: The issue is related to improper neutralization of delimiters in the pattern input, specifically the command separator ; and command...

6.9 CVSS | 7.2 AI score | 0.00849 EPSS
Exploits: 0 | References: 11

OSV
added 2024/07/31 8:15 a.m. | 0 views

ALPINE-CVE-2024-7264

libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...

6.5 CVSS | 7.3 AI score | 0.00882 EPSS
Exploits: 1 | References: 1

OSV
added 2024/07/31 8:00 a.m. | 22 views

CURL-CVE-2024-7264 ASN.1 date parser overread

libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...

6.5 CVSS | 6.9 AI score | 0.00882 EPSS
Exploits: 1

BDU FSTEC
added 2024/07/31 12:00 a.m. | 1 views

The vulnerability of Eclipse Jetty servlet containers, related to improper handling of citation syntax, allows attackers to execute arbitrary code.

The vulnerability of Eclipse Jetty servlet containers relates to the creation of the command line, which contains multiple tokens instead of just one. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

4.3 CVSS | 6.8 AI score | 0.01383 EPSS
Exploits: 1 | References: 7 | Affected Software: 3

Fedora
added 2024/07/30 1:33 a.m. | 23 views

[SECURITY] Fedora 40 Update: curl-8.6.0-9.fc40

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

7.5 CVSS | 7.7 AI score | 0.01302 EPSS
Exploits: 1

Redos
added 2024/07/29 12:00 a.m. | 30 views

ROS-20240729-10

Vulnerability in the HttpServletRequest.getParameter and HttpServletRequest.getParts functions of the servlet container Eclipse Jetty is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. The Eclipse Jetty...

5.3 CVSS | 6.9 AI score | 0.43407 EPSS
Exploits: 0

curl security advisories
added 2024/07/24 8:00 a.m. | 4 views

freeing stack buffer in utf8asn1str

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

7.5 CVSS | 7.8 AI score | 0.01302 EPSS
Exploits: 1 | References: 1 | Affected Software: 2

CNNVD
added 2024/07/11 12:00 a.m. | 1 views

Juniper Networks Junos OS Security Vulnerability

Juniper Networks Junos OS is a network operating system from Juniper Networks (USA) dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS has a security vulnerability that originates from the presence of an...

8.7 CVSS | 6.8 AI score | 0.00324 EPSS
Exploits: 0 | References: 2

BDU FSTEC
added 2024/07/05 12:00 a.m. | 1 views

The vulnerability of the libavcodec/cbs_h266_syntax_template.c file in the multimedia library FFmpeg allows a hacker to execute arbitrary code.

The vulnerability in the libavcodec/cbs_h266_syntax_template.c file of the multimedia library FFmpeg is related to unvalidated array indexing. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10 CVSS | 5.9 AI score | 0.00217 EPSS
Exploits: 0 | References: 8 | Affected Software: 3

RedHat Linux
added 2024/07/02 3:30 p.m. | 26 views

Moderate: Red Hat Security Advisory: python-jinja2 security update

An update for python-jinja2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

5.4 CVSS | 6.7 AI score | 0.0123 EPSS
Exploits: 0 | References: 2

OSV
added 2024/06/26 5:15 a.m. | 28 views

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to...

8.2 CVSS | 7.7 AI score | 0.94319 EPSS
Exploits: 5 | References: 7

NVD
added 2024/06/26 5:15 a.m. | 14 views

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to...

5.3 CVSS | 0.00019 EPSS
Exploits: 5 | References: 6

OSSF Malicious Packages
added 2024/06/25 1:42 p.m. | 3 views

Malicious code in syntax-init (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0 | References: 3

OSV
added 2024/06/25 1:42 p.m. | 4 views

MAL-2024-6059 Malicious code in syntax-init (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2024/06/25 1:42 p.m. | 2 views

Malicious code in sylex-syntax (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0 | References: 2

OSV
added 2024/06/25 1:42 p.m. | 6 views

MAL-2024-6055 Malicious code in sylex-syntax (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0 | References: 2