Yiheng Cao
Yiheng Cao
## Security Vulnerability - Action Required: XXE vulnerability in the newest version of buck Hi there, I think the method `com.facebook.buck.features.project.intellij.WorkspaceUpdater.createDocumentBuilder()` may have an XXE vulnerability which is vulnerable in...
I have seen your project which can generate vulnerability dataset(https://github.com/squizz617/vulnDBGen/tree/f4cb690e43e5c4fe212a85317782cfe13a3c9bab), so I want to add some newest vulnerability, but except for the https://iotcube.korea.ac.kr/ you provided, I have not seen any...
When I use joern to parse Java rawcode I met such error: ``` sh: 1: cannot open init: No such file ``` The script I've used is : ``` @main...
CVE-2020-24370 is a security vulnerability in lua. Although the CVE decription in [CVE-2020-24370](https://nvd.nist.gov/vuln/detail/CVE-2020-24370) said that this CVE only affected [lua](https://www.lua.org/bugs.html#5.4.0-11) 5.4.0, according to lua this CVE actually existed since lua...
CVE-2020-24370 is a security vulnerability in lua. Although the CVE decription in [CVE-2020-24370](https://nvd.nist.gov/vuln/detail/CVE-2020-24370) said that this CVE only affected [lua](https://www.lua.org/bugs.html#5.4.0-11) 5.4.0, according to lua this CVE actually existed since lua...
Hi, our tool has detect that the `Buffer_EscapeStringValidated` function in `contrib/python/pandas/py2/pandas/_libs/src/ujson/lib/ultrajsonenc.c` and `contrib/python/pandas/py3/pandas/_libs/src/ujson/lib/ultrajsonenc.c` may have a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode), which shares similarities to a recent...
CVE-2021-46822 is a security vulnerability in libjpeg-turbo, which is used in this project. The root cause of this CVE is heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. Would...
CVE-2020-24370 is a security vulnerability in lua. Although the CVE decription in [CVE-2020-24370](https://nvd.nist.gov/vuln/detail/CVE-2020-24370) said that this CVE only affected [lua](https://www.lua.org/bugs.html#5.4.0-11) 5.4.0, according to lua this CVE actually existed since lua...
`getnum` in `app/modules/struct.c` potentially has an integer overflow if `fmt` is set too large. It might be triggered by running such lua statement: `EVAL "struct.pack('>I2147483648', '10')" 0` It can be...
our team have developed a recurring vulnerability detection tool. This tool mainly uses static analysis methods, and it has a high detection accuracy in our dataset. We have also received...