CVE-2023-36281
https://notcve.org/view.php?id=CVE-2023-36281
An issue in langchain v0.0.171 allows a remote attacker to execute arbitrary code via a JSON file passed to load_prompt. This is related to __subclasses__ or a template. • https://github.com/tagomaru/CVE-2023-36281 https://github.com/miguelc49/CVE-2023-36281-2 https://github.com/miguelc49/CVE-2023-36281-1 https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55 https://github.com/hwchase17/langchain/issues/4394 https://github.com/langchain-ai/langchain/releases/tag/v0.0.312 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2020-19725
https://notcve.org/view.php?id=CVE-2020-19725
It can cause segmentation faults or arbitrary code execution. • https://github.com/Z3Prover/z3/issues/3363 • CWE-416: Use After Free
CVE-2020-18652 – exempi: denial of service via opening of crafted webp file
https://notcve.org/view.php?id=CVE-2020-18652
A buffer overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service when a crafted WebP file is opened. A buffer overflow flaw was found in the exempi package. This issue occurs in WEBP_Support.cpp and may allow remote attackers to cause a denial of service via opening a crafted WebP file. • https://gitlab.freedesktop.org/libopenraw/exempi/commit/acee2894ceb91616543927c2a6e45050c60f98f7 https://gitlab.freedesktop.org/libopenraw/exempi/issues/12 https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html https://access.redhat.com/security/cve/CVE-2020-18652 https://bugzilla.redhat.com/show_bug.cgi? • CWE-787: Out-of-bounds Write
CVE-2022-48174 – busybox: stack overflow vulnerability in ash.c leads to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-48174
In an Internet of Vehicles environment, this vulnerability can lead from command execution to arbitrary code execution. ... This issue occurs via a stack overflow vulnerability in ash.c in BusyBox, which may allow arbitrary code execution. • https://bugs.busybox.net/show_bug.cgi?id=15216 https://access.redhat.com/security/cve/CVE-2022-48174 https://bugzilla.redhat.com/show_bug.cgi?id=2237153 • CWE-787: Out-of-bounds Write
CVE-2020-35357
https://notcve.org/view.php?id=CVE-2020-35357
Processing maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. • https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859 https://lists.debian.org/debian-lts-announce/2023/09/msg00023.html https://savannah.gnu.org/bugs/?59624 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')