194 matches found

Positive Technologies
added 2024/03/27 12:0 a.m. · 2 views

PT-2024-40680 · Git +1 · Quickjs

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description.
Description: A heap-buffer-overflow READ 1 crash has been reported. The crash state includes functions such as emit goto, emit class field init, and js parse function...

7 AI score
Exploits 0 · References 2
Cvelist
added 2024/03/27 12:0 a.m. · 10 views

CVE-2024-25354

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...

6.7 AI score · 0.00151 EPSS
Exploits 0 · References 1
CNNVD
added 2024/03/27 12:0 a.m. · 1 view

domain-suffix security vulnerability

domain-suffix is a Node.js package. A security vulnerability exists in domain-suffix version 1.0.8, which stems from a vulnerability that allows an attacker to crash an application using crafted input via the parse function...

7.5 CVSS · 6.7 AI score · 0.00151 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/03/27 12:0 a.m. · 1 view

PT-2024-20898 · Unknown · Domain-Suffix

Name of the Vulnerable Software and Affected Versions: domain-suffix version 1.0.8
Description: The issue allows attackers to crash the application via crafted input to the parse function, resulting in a Denial of Service. This is achieved through a RegEx Denial of Service in the domain-suffix...

8.7 CVSS · 7.2 AI score · 0.00151 EPSS
Exploits 0 · References 9
Snyk
added 2023/11/23 10:0 p.m. · 1 view

Improper Validation of Syntactic Correctness of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range". PoC go import "fmt"...

7.5 CVSS · 7.1 AI score · 0.00138 EPSS
Exploits 1 · References 2
SUSE CVE
added 2023/08/16 11:19 p.m. · 2 views

SUSE CVE-2023-38851

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xlsparseWorkBook function in xls.c:1018...

6.5 CVSS · 7.9 AI score · 0.00915 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2023/08/14 4:15 a.m. · 0 views

CVE-2023-40294

libboron in Boron 2.0.8 has a heap-based buffer overflow in urparseBlockI at iparseblk.c...

6.5 CVSS · 6.9 AI score · 0.02317 EPSS
Exploits 1 · References 2
Veracode
added 2023/07/14 8:16 a.m. · 7 views

Denial Of Service (DoS)

github.com/malfunkt/iprange is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists in the Parse function of y.go, which allows a malicious user to parse a range with a mask larger than 32 bits, which causes a panic, resulting in an application crash...

6.7 AI score
Exploits 0
SUSE CVE
added 2023/07/07 2:18 a.m. · 1 view

SUSE CVE-2023-36665

"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...

9.8 CVSS · 9.3 AI score · 0.01688 EPSS
Exploits 1 · References 3
OSV
added 2023/07/05 3:30 p.m. · 1 view

GHSA-H755-8QP9-CQ85 protobufjs Prototype Pollution vulnerability

protobuf.js aka protobufjs 6.10.0 until 6.11.4 and 7.0.0 until 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and...

9.8 CVSS · 7.1 AI score · 0.01688 EPSS
Exploits 1 · References 10
ATTACKERKB
added 2023/07/05 2:15 p.m. · 0 views

CVE-2023-36665

"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...

9.8 CVSS · 7.2 AI score · 0.01688 EPSS
Exploits 2 · References 7
Cvelist
added 2023/07/05 12:0 a.m. · 30 views

CVE-2023-36665

"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...

9.1 AI score · 0.01688 EPSS
Exploits 1 · References 6
OSV
added 2023/06/06 12:15 p.m. · 1 view

ALPINE-CVE-2023-33460

There's a memory leak in yajl 2.1.0 with use of the yajltreeparse function, which will cause out-of-memory in the server and cause a crash...

6.5 CVSS · 6.9 AI score · 0.00204 EPSS
Exploits 1 · References 1
Debian CVE
added 2023/05/10 12:0 a.m. · 18 views

CVE-2023-31910

Removed by vendor...

7.8 CVSS · 7.7 AI score · 0.00136 EPSS
Exploits 1
CNNVD
added 2023/05/10 12:0 a.m. · 2 views

JerryScript buffer error vulnerability

JerryScript is a lightweight JavaScript engine from the Jerryscript project. A security vulnerability exists in JerryScript version 3.0.0 1a2c047: the component parserparsefunctionstatement in /jerry-core/parser/js/js-parser-statm.c contains a heap buffer overflow...

7.8 CVSS · 7.7 AI score · 0.00136 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/05/08 12:0 a.m. · 1 view

PT-2023-6791 · Yajl +11 · Yajl +11

Name of the Vulnerable Software and Affected Versions: yajl version 2.1.0
Description: The issue is related to a memory leak caused by the use of the yajl tree parse function in the yajl library. This can lead to out-of-memory conditions in servers, resulting in crashes. The vulnerability can be...

7.8 CVSS · 6.2 AI score · 0.01863 EPSS
Exploits 3 · References 97
Positive Technologies
added 2023/04/26 12:0 a.m. · 2 views

PT-2023-35797 · Git +1 · Mongoose

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description.
Description: A heap buffer overflow read issue was identified, with a crash type of Heap-buffer-overflow READ 1. The crash occurred in the mg mqtt parse function,...

7.5 AI score
Exploits 0 · References 2
Prion
added 2023/04/06 4:15 p.m. · 21 views

Integer overflow

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

5 CVSS · 8.6 AI score · 0.00016 EPSS
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2023/03/22 1:19 a.m. · 24 views

XML External Entity (XXE) Injection

weixin-python is vulnerable to XML External Entity (XXE) Injection. The vulnerability exists due to the parse function in msg.py and the toxml function in pay.py because XML entities are allowed to be resolved, allowing an attacker to inject and execute malicious XML documents to perform requests o...

9.8 CVSS · 9.2 AI score · 0.00376 EPSS
Exploits 0 · References 6 · Affected Software 1
SUSE CVE
added 2023/02/15 5:57 a.m. · 2 views

SUSE CVE-2010-3069

Stack-based buffer overflow in the (1) sidparse and (2) domsidparse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share...

7.5 CVSS · 8.2 AI score · 0.15227 EPSS
Exploits 0 · References 5