奇安信CodeSafe

icon indicating a website link http://www.codesafe.cn/

Results 348 issues of 奇安信CodeSafe

Null dereference

There is no check for the failed malloc https://github.com/rui314/8cc/blob/b480958396f159d3794f0d4883172b21438a8597/cpp.c#L65 may load to null deference in line https://github.com/rui314/8cc/blob/b480958396f159d3794f0d4883172b21438a8597/cpp.c#L66

rename a local variable

1 comment

Hi all, There a renamed vairable issue found by Qihoo360 CodeSafe Team. Details as bellow: the name of local variable '_stat_lock' declared in line 110 is the same as the...

There is a vulnerability in jQuery 1.7.2,upgrade recommended

https://github.com/facebook/facebook360_dep/blob/2ec9e6558a2263c6033695c2ef3c09bb403b0472/website/static/source/html/jquery.js#L2 CVE-2020-11023 CVE-2020-11022 CVE-2020-7656 Recommended upgrade version:3.5.0.1

Path Manipulation

https://github.com/facebook/FAI-PEP/blob/029528679f64931e993b2911d70e7d6ca4dbf411/libraries/python/onnx_to_caffe2.py#L33 https://github.com/facebook/FAI-PEP/blob/029528679f64931e993b2911d70e7d6ca4dbf411/libraries/python/onnx_to_caffe2.py#L38 Allowing user input to control paths used in file system operations could enable an attacker to access or modify otherwise protected system resources

There is a vulnerability in Guava: Google Core Libraries for Java 24.0-jre,upgrade recommended

https://github.com/google/acai/blob/bd1fdbd5408126ad6ba6d6b1f89507c3fe1ba130/pom.xml#L189 CVE-2018-10237 CVE-2020-8908 Recommended upgrade version:30.0-jre

There is a vulnerability in JUnit 4.12,upgrade recommended

https://github.com/google/acai/blob/bd1fdbd5408126ad6ba6d6b1f89507c3fe1ba130/pom.xml#L199 CVE-2020-15250 Recommended upgrade version:4.13.1

There is a vulnerability in Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.2.3.v20140905,upgrade recommended

https://github.com/google/account-provisioning-for-google-apps/blob/73d408f596564d3a66262fc6b8c657fe602e1b49/pom.xml#L76 CVE-2017-7658 CVE-2017-7657 CVE-2017-9735 Recommended upgrade version: 9.3.29.v20201019

Sql injection

The suggestGet method in the ProvisioningAction.java accepts the parameters in the request and puts them into "userDataMap". ![图片](https://user-images.githubusercontent.com/39950310/61354735-6a6b5500-a8a5-11e9-8136-2ea17d8683eb.png) Finally, participated in the database interaction in the executeQuery() method in H2DataSource.java....

There is a vulnerability in Django 1.11.23,upgrade recommended

https://github.com/Tencent/bk-bcs-saas/blob/5c6b09ce71e36051910a92db6df7b435e9d67cdd/bcs-app/requirements.txt#L1 CVE-2019-19844 CVE-2020-7471 CVE-2020-9402 Recommended upgrade version:1.11.29

There is a vulnerability in Pillow 5.1.0,upgrade recommended

https://github.com/Tencent/bk-bcs-saas/blob/5c6b09ce71e36051910a92db6df7b435e9d67cdd/bcs-app/requirements.txt#L34 CVE-2020-5311 CVE-2020-5312 CVE-2020-5310 CVE-2019-16865 Recommended upgrade version:5.4.0.dev0