15 matches found
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
CVE-2025-54486
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This...
AZL-54480 CVE-2024-45338 affecting package containernetworking-plugins 1.1.1-17
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
expat security update
An update is available for expat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat...
CVE-2024-39697 phonenumber panics on parsing crafted phonenumber inputs
phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a...
Moderate: Red Hat Security Advisory: exempi security update
An update for exempi is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
CVE-2023-25005
A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability...
CVE-2022-3095 Incorrect parsing of the backslash characters in Dart library
The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '' characters in URIs, which can lead to auth bypass in webapp...
[SECURITY] Fedora 33 Update: libtraceevent-1.1.1-2.fc33
libtraceevent is a library to parse raw trace event formats...
ABB PB610 Panel Builder 600 PB610 HMIStudio DLL Parsing Vulnerability
ABB PB610 Panel Builder 600 is a software for designing graphical user interfaces for the CP600 control panel platform. A security vulnerability in the ABB PB610 Panel Builder 600 PB610 HMIStudio component parsing DLL allows remote attackers to exploit the vulnerability by submitting a special fi...
Debian Security Advisory DSA 2428-1 (freetype - several vulnerabilities)
Mateusz Jurczyk from the Google Security Team discovered several vulnerabilties in Freetype's parsing of BDF, Type1 and TrueType fonts, which could result in the execution of arbitrary code if a malformed font file is processed. OpenVAS Vulnerability Test $Id: deb24281.nasl 6611 2017-07-07...
Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of products utilizing Oracle's Outside In Technology. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the...
Medium: rpm
Issue Overview: Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. CVE-2011-3378 Affected Packages: rpm Issue...
CentOS Update for expat CESA-2009:1625 centos4 i386
Check for the Version of expat OpenVAS Vulnerability Test CentOS Update for expat CESA-2009:1625 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
libexif: Multiple vulnerabilities
Background libexif is a library for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev Google Security discovered an integer overflow vulnerability in t...