203 matches found
JerryScript Buffer Error Vulnerability
JerryScript is a lightweight JavaScript engine from the JerryScript project. A security vulnerability exists in JerryScript version 3.0.0 1a2c047: the component parser_parse_function_statement in /jerry-core/parser/js/js-parser-statm.c contains a heap buffer overflow...
CVE-2023-31910
Removed by vendor...
PT-2023-6791 · Yajl +11 · Yajl +11
Name of the Vulnerable Software and Affected Versions: yajl version 2.1.0 Description: The issue is related to a memory leak caused by the use of the yajl_tree_parse function in the yajl library. This can lead to out-of-memory conditions in servers, resulting in crashes. The vulnerability can be...
PT-2023-35797 · Git +1 · Mongoose
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow read issue was identified, with a crash type of Heap-buffer-overflow READ 1. The crash occurred in the mg_mqtt_parse function,...
Integer overflow
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...
XML External Entity (XXE) Injection
weixin-python is vulnerable to XML External Entity (XXE) Injection. The vulnerability exists due to the parse function in msg.py and the toxml function in pay.py because XML entities are allowed to be resolved, allowing an attacker to inject and execute malicious XML documents to perform requests o...
SUSE CVE-2010-3069
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share...
SUSE CVE-2016-10397
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parse_url...
SUSE CVE-2019-14292
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1...
SUSE CVE-2020-35507
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability...
Regular Expression Denial Of Service (ReDoS)
cookiejar is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists in the parse function of cookiejar.js due to inefficient regular expression complexity which allows an attacker to crash the application by submitting a malicious string...
CookieJar Security Vulnerability
CookieJar is a simple and robust cookie library. A security vulnerability exists in CookieJar versions prior to 2.1.4, which stems from the use of insecure regular expressions in the Cookie.parse function...
Vercel ms Inefficient Regular Expression Complexity vulnerability
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
CVE-2017-20162
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
Design/Logic Flaw
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
UBUNTU-CVE-2017-20162
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
CVE-2017-20162
CVE-2017-20162 affects the Vercel ms package up to 1.x. The vulnerability lies in the parse function of index.js, where manipulating the string argument (str) enables a regular expression denial of service (ReDoS). The issue can be exploited remotely; a public exploit has been disclosed. Remediat...
CVE-2017-20162 vercel ms index.js parse redos
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
PT-2023-10614 · Vercel · Vercel Ms
Name of the Vulnerable Software and Affected Versions: vercel ms versions up to 1.x Description: A problematic issue has been found in the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated...
The vulnerability of the mw.message.parse() function in the software framework for implementing the MediaWiki hypertext environment allows an attacker to perform XSS attacks.
The vulnerability of the mw.message.parse function in the MediaWiki software environment exists because measures to protect the structure of web pages have not been taken. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...