GHSA-4Q6P-R6V2-JVC5 Chaijs/get-func-name vulnerable to ReDoS
The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows: js const functionNameMatch = /\sfunction?:\s|\s/^?:/+\/\s^\s/+/; This vulnerability can be exploited...
CVE-2023-43646
get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...
DEBIAN-CVE-2023-43646
get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...
CVE-2023-2084
CVE-2023-2084 affects the WordPress Essential Blocks plugin for WordPress, vulnerable up to version 4.0.6. The root cause is a missing capability check in the get function, allowing subscriber-level attackers to read or obtain plugin settings. Although a nonce check exists, it only runs when a no...
The vulnerability of the qmp_get() function (driver/soc/qcom/qcom_aoss.c) in the Qualcomm AOSS driver for Linux operating systems allows a hacker to induce a service failure.
The vulnerability of the qmp_get function (driver/soc/qcom/qcom_aoss.c) in the Qualcomm AOSS driver for Linux operating systems is related to errors during the update of the link counters. Exploiting this vulnerability can allow an attacker to cause a service failure...
PT-2023-35003 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: The issue is related to a double increment of client count in the dma_chan_get function. This problem was introduced in version v4.0 and is fixed in Linux Kernel version v6.1.9. The actual...
PT-2023-10189 · Opendns · Opendns Openresolve
Name of the Vulnerable Software and Affected Versions: OpenDNS OpenResolve affected versions not specified Description: A problem was found in OpenDNS OpenResolve, related to the function get of the file resolverapi/endpoints.py of the component API. This issue leads to cross site scripting. The...
PT-2022-25826 · Unknown · Qmpass/Leadshop
Name of the Vulnerable Software and Affected Versions: qmpass/leadshop version 1.4.15 Description: The issue allows an attacker to control the target host by calling any function in leadshop.php via the GET method, potentially leading to remote code execution (RCE). This can enable an attacker to...
rubygem-tzinfo: arbitrary code execution
A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within t...
CVE-2022-25302
All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA message...
Design/Logic Flaw
All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA message...
libjpeg buffer error vulnerability
libjpeg is a C language library for processing JPEG format image data. It includes JPEG decoding, JPEG encoding and other JPEG functions. A buffer error vulnerability exists in libjpeg commit number: 281daa9, which stems from a memory segment error in HuffmanDecoder::Get in its huffmandecoder.hpp...
OS Command Injection
Heroku-env is vulnerable to OS command injection. The vulnerability is due to the function get that executes a shell command with unsanitized user input. An attacker can inject shell code using the app parameter, using the control operator & or && followed by an arbitrary command...
ALPINE-CVE-2022-30784
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22...
PT-2021-23565 · Gjson · Gjson
Name of the Vulnerable Software and Affected Versions: GJSON versions prior to 1.9.3 Description: The issue allows attackers to cause a ReDoS regular...
DEBIAN-CVE-2021-39516
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function HuffmanDecoder::Get located in huffmandecoder.hpp. It allows an attacker to cause Denial of Service...
Arbitrary Code Execution
Overview: total.js is a framework for the Node.js platform written in pure JavaScript, similar to PHP's Laravel, Python's Django or ASP.NET MVC. It can be used as a web, desktop, service or IoT application. Affected versions of this package are vulnerable to Arbitrary Code Execution via the U.set and...
PT-2020-3580 · Google +4 · Android +4
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 Description: The issue is related to a use-after-free vulnerability in the cdev_get function of char_dev.c due to a race condition. This could lead to local escalation of privilege with System execution privileges...
PT-2020-13233 · Acutect +3 · Tcpreplay +3
Name of the Vulnerable Software and Affected Versions: Tcpreplay versions 4.3.2 and earlier Description: The issue is a heap-based buffer over-read that occurs during a get c operation, specifically triggered in the function get_ipv6_next at common/get.c. Recommendations: For Tcpreplay versions...
The vulnerability of the Parus-Budget enterprise automation system allows a perpetrator to execute any arbitrary code.
The vulnerability of the TComboboxStrings.Get function in the Parus-Budget enterprise automation system is related to the lack of checks on the data entered by users. Exploiting this vulnerability can allow an attacker to cause a stack overflow and execute arbitrary code...