54 matches found
CVE-2023-44386 Incorrect request error handling triggers server crash in Vapor
Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occurred instead of passing them on. The issue is fixed as of Vapor release 4.84.2...
AZL-37411 CVE-2023-24538 affecting package golang for versions less than 1.21.6-1
Templates do not properly consider backticks as JavaScript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to...
SUSE CVE-2023-24538
Templates do not properly consider backticks as JavaScript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to...
SUSE CVE-2018-5686
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file...
SUSE CVE-2018-19218
In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack...
SUSE CVE-2022-27950
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.
DEBIAN-CVE-2022-27950
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition...
CVE-2022-27950
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition...
AZL-9209 CVE-2022-27950 affecting package kernel for versions less than 5.15.37.1-2
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition...
UBUNTU-CVE-2022-27950
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition...
Command injection in Parse Server through prototype pollution
Impact: This is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file DatabaseController.js, so it is likely to affect...
GHSA-C38G-469G-CMGX Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
Since Helm 2 was released, a well-documented aspect of Helm is that the Helm chart's version number MUST follow the SemVer2 specification. In the past, Helm would not permit charts with malformed versions. At some point, a patch was merged that changed this: on a version parse error, the version...
python: email.utils.parseaddr wrongly parses email addresses
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To header...
Denial Of Service (DoS)
libsass.so is vulnerable to a buffer over-read. When an attacker passes a malicious argument, it causes a parse error in parse_ie_keyword_arg, leaving the argument kwd_arg unfreed and leading to a buffer over-read...
Denial Of Service (DoS)
github.com/tdewolff/parse is vulnerable to denial of service. An infinite loop on Unicode code points during re-parsing after a parse error results in a denial of service condition...
DEBIAN-CVE-2018-13845
An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c...
DEBIAN-CVE-2017-1000082
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended...
DEBIAN-CVE-2014-8625
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name...
BugHunter HTTP Server 1.6.2 Parse Error Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24566/info BugHunter HTTP Server is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information. Information obtained may lead to further attacks. This issu...