[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15166 Download | Alert*

An issue was discovered in NumPy 1.16.0 and earlier. It uses the picklePython module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call.

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp.

An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI.

An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI.

** DISPUTED ** In the GNU C Library through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by "*" in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.

memory-based DoS in libtiff-tools2bw

** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossi ...

memory-based DoS in tiff2bw

lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   1516

© SecPod Technologies