22103 matches found
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
...
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
...
Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2
...
Out-of-bounds read in QuickTimeVideo::NikonTagsDecoder in Exiv2
...
Memory corruption issues is Cloudflare zlib implementation
...
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.
...
log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.
...
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.
...
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
...
GSS-NTLMSSP vulnerable to incorrect free when decoding target information
...
Uncaught Exception (due to a data race) leads to process termination in Waitress
...
btrfs: avoid NULL pointer dereference if no valid extent tree
...
sctp: sysctl: rto_min/max: avoid using current->nsproxy
...
block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
...
net: fec: handle page_pool_dev_alloc_pages error
...
pktgen: Avoid out-of-bounds access in get_imix_entries
...
smb: client: fix double free of TCP_Server_Info::hostname
...
vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
...
mptcp: sysctl: sched: avoid using current->nsproxy
...
sctp: sysctl: udp_port: avoid using current->nsproxy
...
Asio C++ Library lacks a fallback error code in the case of SSL_ERROR_SYSCALL
...
Waitress has a denial of service leading to high CPU usage/resource exhaustion
...
Exiv2 has an out-of-bounds read in AsfVideo::streamProperties
...
An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.
...
Out-of-bounds write in exiv2
...
GSS-NTLMSSP vulnerable to memory corruption when decoding UTF16 strings
...
GSS-NTLMSSP vulnerable to multiple out-of-bounds reads when decoding NTLM fields
...
vsock/bpf: return early if transport is not assigned
...
iomap: avoid avoid truncating 64-bit offset to 32 bits
...
ipvlan: Fix use-after-free in ipvlan_get_iflink().
...
filemap: avoid truncating 64-bit offset to 32 bits
...
sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
...
sctp: sysctl: auth_enable: avoid using current->nsproxy
...
sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
...
Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).
...
Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.
...
GSS-NTLMSSP vulnerable to out-of-bounds read when decoding target information
...
GSS-NTLMSSP vulnerable to memory leak when parsing usernames
...
blk-cgroup: Fix class @block_class's subsystem refcount leakage
...
vxlan: Fix uninit-value in vxlan_vnifilter_dump()
...
fs/proc: fix softlockup in __read_vmcore (part 2)
...
A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.
...
USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
...
tty: xilinx_uartps: split sysrq handling
...
usbnet: ipheth: use static NDP16 location in URB
...
usbnet: ipheth: fix DPE OoB read
...
bpf: Fix bpf_sk_select_reuseport() memory leak
...
net: sched: fix ets qdisc OOB Indexing
...
gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
...
vfio/platform: check the bounds of read/write syscalls
...