CVE-2020-17487

CVE-2020-17487 affects radare2 4.5.0 and causes a segmentation fault in r_x509_parse_algorithmidentifier due to a malformed OBJECT IDENTIFIER in IMAGE_DIRECTORY_ENTRY_SECURITY while parsing PE signature data. Connected sources confirm the issue and link it to an OID-related parsing bug in libr/ut...

tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

CVE-2019-9022

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...

python: Information Disclosure due to urlsplit improper NFKC normalization

It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications IDNA, which may result in a wrong domain name specifically the netloc component of URL - user@domain:port bei...

CVE-2019-9578

In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device...

AZL-44574 CVE-2009-5155 affecting package suitesparse 7.11.0-1

In the GNU C Library aka glibc or libc6 before 2.28, parseregexp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service assertion failure and application exit or trigger an incorrect result by attempting a regular-expression match...

OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)

It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL...

CVE-2016-4708

CVE-2016-4708 affects CFNetwork across Apple platforms (iOS before 10, OS X before 10.12, tvOS before 10, watchOS before 3). Root cause: input parsing/validation flaw in the Set-Cookie header handling that can disclose sensitive information via a crafted HTTP response. Impact: information disclos...

CVE-2016-0138

CVE-2016-0138 affects Microsoft Exchange Server components across multiple versions (2007 SP3, 2010 SP3, 2013 SP1, 2013 CU12/CU13, 2016 CU1/CU2). The issue stems from misparsing of unstructured email content, which could allow remote authenticated attackers to disclose sensitive information from ...

CVE-2016-4080

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet...

CVE-2016-4080

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet...

keystonemiddleware/keystoneclient: S3Token TLS cert verification option not honored

It was discovered that some items in the S3Token paste configuration as used by python-keystonemiddleware formerly python-keystoneclient were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. If the "insecure" option were set to "false", the option would be evaluated as true,...

Design/Logic Flaw

LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service NULL dereference and daemon crash via 1 a malformed Transport header, which triggers misparsing in parsetransportheader in RTSPsetup.c, as demonstrated by a Transport header that contains only a...