Security
Headlines
HeadlinesLatestCVEs

Tag

#google

CVE-2021-33194: [security] Vulnerability in golang.org/x/net/html

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

CVE
Open in Source
#vulnerability#google#dos
CVE-2018-25013: 1956926 – (CVE-2018-25013) CVE-2018-25013 libwebp: out-of-bounds read in ShiftBytes()

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.

CVE-2020-36329: use-after-free in EmitFancyRGB() in dec/io_dec.c

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-36328: heap-based buffer overflow in WebPDecode*Into functions

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-36331: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.

CVE-2018-25010: 1956918 – (CVE-2018-25010) CVE-2018-25010 libwebp: out-of-bounds read in ApplyFilter()

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability.

CVE-2018-25012: 1956922 – (CVE-2018-25012) CVE-2018-25012 libwebp: out-of-bounds read in WebPMuxCreateInternal()

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.

CVE-2021-20718: GitHub - zmartzone/mod_auth_openidc: OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.

CVE-2021-32817: express-hbs

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extentions (i.e. file.extension) can be included, files that lack an extension will have .hbs appended to them. For complete details refer to the referenced GHSL-2021-019 report. Notes in documentation have been added to help users of express-hbs avoid this potential information exposure vulnerability.