1179 matches found
DEBIAN-CVE-2020-17541
All versions of libjpeg-turbo have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed JPEG file to the service and cause arbitrary code execution or denial of service of the target service...
UBUNTU-CVE-2020-17541
All versions of libjpeg-turbo have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed JPEG file to the service and cause arbitrary code execution or denial of service of the target service...
Libjpeg-turbo buffer error vulnerability
DRC libjpeg-turbo is a DRC open source application. It provides a JPEG image codec that uses SIMD instructions to accelerate baseline JPEG compression and decompression on x86, x86-64, Arm, PowerPC, and MIPS systems, as well as progressive JPEG compression on x86, x86-64, and Arm systems. A...
CVE-2021-33509
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
Code injection
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
PYSEC-2021-81
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
CVE-2021-33509
Plone 5.2.4 and earlier are affected by an arbitrary file-write vulnerability. Remote authenticated managers can cause disk I/O by sending crafted keyword arguments to the ReStructuredText transform in Python scripts, enabling potential file writes to the server. Root cause is exposed via docutil...
CVE-2021-33509
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific...
GHSA-5RCV-M4M3-HFH7 golang.org/x/text Infinite loop
Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...
golang.org/x/text Infinite loop
Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...
PYSEC-2021-688
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.IRFFT. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,...
Google TensorFlow security vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in Google TensorFlow tf.raw_ops.RFFT. An attacker can exploit this vulnerability to cause a CHECK-failure denial of service...
Google TensorFlow security vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in the implementation of tf.raw_ops.IRFFT in Google TensorFlow. An attacker can exploit this vulnerability to cause a CHECK-failure denial of service...
A vulnerability in the subcomponents of the General Ledger Update Transform and Reports component of the Oracle iSetup system, a business automation solution from Oracle E-Business Suite, allows an intruder to gain unauthorized access to the device.
The vulnerability of the General Ledger Update Transform and Reports components of the Oracle iSetup component in the Oracle E-Business Suite system involves code errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device through HTT...
DEBIAN-CVE-2021-20311
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from...
CVE-2021-2276
Vulnerability in the Oracle iSetup product of Oracle E-Business Suite component: General Ledger Update Transform, Reports. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
PT-2021-2849
Name of the Vulnerable Software and Affected Versions: Oracle iSetup versions 12.1.3 and 12.2.3 through 12.2.10 Description: The issue is related to errors in the code of the General Ledger Update Transform and Reports components of Oracle iSetup in the Oracle E-Business Suite system. This can allo...
PT-2021-13882
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.11 Description: A flaw in ImageMagick may trigger undefined behavior via a crafted image file, potentially affecting system availability. The issue arises from a division by zero in the sRGBTransformImage...
CVE-2021-25906
An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed...