194 matches found

OSV · added 2021/09/01 6:31 p.m. · 12 views

GHSA-G452-6RFC-VRVX Prototype Pollution in open-graph

This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...

CVSS 5.3 · AI score 9.4 · EPSS 0.00432
Exploits 1 · References 4
Positive Technologies · added 2021/08/08 12:00 a.m. · 4 views

PT-2021-15507 · Unknown · Open-Graph

Name of the Vulnerable Software and Affected Versions: open-graph versions prior to 0.2.6. Description: The issue affects the parse function, which can be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload. This could potentially lead to unintended...

CVSS 9.8 · AI score 9.4 · EPSS 0.00432
Exploits 1 · References 8
Github Security Blog · added 2021/07/02 6:37 p.m. · 73 views

XML2Dict XML Entity Expansion Vulnerability

XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. The parse function does not properly restrict recursive entity references...

CVSS 7.5 · AI score 7 · EPSS 0.00307
Exploits 1 · References 6 · Affected Software 1
Github Security Blog · added 2021/05/06 5:29 p.m. · 39 views

Prototype Pollution in templ8

All versions of package templ8 up to and including 0.0.44 are vulnerable to Prototype Pollution via the parse function...

CVSS 9.8 · AI score 9 · EPSS 0.0041
Exploits 1 · References 3 · Affected Software 1
Veracode · added 2021/03/31 2:55 a.m. · 10 views

Remote Code Execution (RCE)

@thi.ng/egf is vulnerable to remote code execution. The vulnerability exists due to the EGF parse function attempting to decrypt values...

CVSS 8.8 · AI score 5.5 · EPSS 0.01082
Exploits 0 · References 5 · Affected Software 1
RedHat Linux · added 2020/12/15 3:06 p.m. · 3 views

kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow

A flaw was found in the HDLC_PPP module of the Linux kernel. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data...

CVSS 7.5 · AI score 7.1 · EPSS 0.00262
Exploits 0 · References 5
NVD · added 2020/08/17 2:15 p.m. · 8 views

CVE-2020-7702

All versions of package templ8 are vulnerable to Prototype Pollution via the parse function...

CVSS 9.8 · AI score 9.6 · EPSS 0.0041
Exploits 1 · References 1
Snyk · added 2020/08/17 9:37 a.m. · 2 views

Prototype Pollution

Overview: Templ8 is a JavaScript client/server template engine. Affected versions of this package are vulnerable to Prototype Pollution via the parse function. PoC: const Templ8 = require('Templ8'); var tpl = new Templ8('__proto__.polluted=true'); tpl.parse(); console.log(polluted) // true. Details: Prototype...

CVSS 9.8 · AI score 9 · EPSS 0.0041
Exploits 1 · References 2
Positive Technologies · added 2020/08/17 12:00 a.m. · 2 views

PT-2020-19725 · Npm · Templ8

Name of the Vulnerable Software and Affected Versions: templ8 versions prior to 0.0.45. Description: The issue concerns Prototype Pollution via the parse function. This affects all versions of the templ8 package up to and including 0.0.44. Recommendations: For versions prior to 0.0.45, update to...

CVSS 9.8 · AI score 9.4 · EPSS 0.0041
Exploits 1 · References 3
Github Security Blog · added 2020/06/10 8:27 p.m. · 36 views

Prototype Pollution in ini-parser

All versions of ini-parser are vulnerable to prototype pollution. The parse function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently available. Conside...

CVSS 9.8 · AI score 5.6 · EPSS 0.00234
Exploits 0 · References 5 · Affected Software 1
OSV · added 2020/06/10 8:27 p.m. · 0 views

GHSA-96R7-MRQF-JHCC Prototype Pollution in ini-parser

All versions of ini-parser are vulnerable to prototype pollution. The parse function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently available. Conside...

CVSS 9.8 · AI score 5.9 · EPSS 0.00234
Exploits 0 · References 4
Prion · added 2020/06/02 3:15 p.m. · 18 views

Buffer overflow

Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVSS 3.6 · AI score 7.6 · EPSS 0.00043
Exploits 0 · References 1
Cvelist · added 2020/06/02 3:05 p.m. · 19 views

CVE-2019-14038

Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

AI score 7.7 · EPSS 0.00043
Exploits 0 · References 1
CVE · added 2020/06/02 3:05 p.m. · 53 views

CVE-2019-14038

CVE-2019-14038 is a buffer over-read in the ADSP parse function caused by a missing check for sufficient data payload in a Qualcomm Snapdragon ADSP command response. Affected are Snapdragon products across multiple lines (Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, We...

CVSS 7.1 · AI score 7.6 · EPSS 0.00043
Exploits 0 · References 1 · Affected Software 1
OSV · added 2020/05/06 7:32 p.m. · 23 views

GHSA-RC77-XXQ6-4MFF Command Injection in hot-formula-parser

Versions of hot-formula-parser prior to 3.0.1 are vulnerable to Command Injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is supplied by user-controlled input it may allow attackers to run arbitrary commands...

CVSS 9.8 · AI score 9.7 · EPSS 0.00547
Exploits 0 · References 6
OSV · added 2020/01/11 1:15 a.m. · 11 views

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...

CVSS 9.8 · AI score 7.7
Exploits 0 · References 3
Node.js · added 2019/12/18 2:29 p.m. · 16 views

Command Injection

Overview: Versions of hot-formula-parser prior to 3.0.1 are vulnerable to Command Injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is supplied by user-controlled input it may allow attackers to run arbitrary...

CVSS 7.5 · AI score 4.6 · EPSS 0.00547
Exploits 0 · Affected Software 1
OSV · added 2019/09/13 12:15 p.m. · 2 views

CVE-2019-16277

PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c...

CVSS 7.8 · AI score 7.4 · EPSS 0.00179
Exploits 1 · References 1
CNVD · added 2019/07/29 12:00 a.m. · 2 views

Xpdf out-of-bounds read vulnerability (CNVD-2019-26662)

Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. An out-of-bounds read vulnerability exists in the GfxPatchMeshShading::parse function in GfxState.cc in Xpdf 4.01.01. An attacker can exploit this vulnerability to cause a denial of...

CVSS 5.5 · AI score 6.7 · EPSS 0.00165
Exploits 1 · References 1
OSV · added 2019/07/27 7:15 p.m. · 1 view

CVE-2019-14293

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2...

CVSS 5.5 · AI score 6.3 · EPSS 0.00165
Exploits 1 · References 2