
6864 matches found

OSV
added 2024/06/16 2:15 a.m. · 2 views

CVE-2024-38427

In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false...

CVSS 8.8 · AI score 5.8 · EPSS 0.00197
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/16 12:0 a.m. · 3 views

PT-2024-27997 · International Color Consortium · Demoiccmax

Name of the Vulnerable Software and Affected Versions: International Color Consortium DemoIccMAX versions prior to 85ce74e
Description: A logic flaw exists in the CIccTagXmlProfileSequenceId::ParseXml function within IccTagXml.cpp, causing it to unconditionally return false. This issue is related...

CVSS 8.8 · AI score 7 · EPSS 0.00197
Exploits: 0 · References: 4

Tenable Nessus
added 2024/06/14 12:0 a.m. · 28 views

Rocky Linux 9 : .NET 8.0 (RLSA-2024:2842)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2842 advisory. dotnet: stack buffer overrun in Double Parse CVE-2024-30045 dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop...

CVSS 6.3 · AI score 7.7 · EPSS 0.00509
Exploits: 0 · References: 5

Tenable Nessus
added 2024/06/14 12:0 a.m. · 28 views

Rocky Linux 9 : .NET 7.0 (RLSA-2024:2843)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2843 advisory. dotnet: stack buffer overrun in Double Parse CVE-2024-30045 dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop...

CVSS 6.3 · AI score 7.7 · EPSS 0.00509
Exploits: 0 · References: 5

Cvelist
added 2024/06/13 9:1 p.m. · 17 views

CVE-2024-32898

In ProtocolCellIdentityParserV4::Parse of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation...

EPSS 0.00047
Exploits: 0 · References: 1

SUSE CVE
added 2024/06/13 3:48 a.m. · 1 views

SUSE CVE-2024-36761

naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs...

CVSS 9.8 · AI score 7.6 · EPSS 0.00207
Exploits: 1 · References: 3

Positive Technologies
added 2024/06/13 12:0 a.m. · 2 views

PT-2024-26435 · Libyaml · Libyaml

Name of the Vulnerable Software and Affected Versions: libyaml version 0.2.5
Description: The issue affects the function yaml_parser_parse of the file /src/libyaml/src/parser.c, making libyaml vulnerable to Denial of Service (DDOS) attacks.
Recommendations: As a temporary workaround, consider...

CVSS 7.5 · AI score 8.6
Exploits: 0 · References: 11

CNNVD
added 2024/06/13 12:0 a.m. · 2 views

Google Pixel Security Breach

Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a lack of bounds checking in the ProtocolCellIdentityParserV4::Parse module of protocolnetadapter.cpp, which may allow out-of-bounds reads...

CVSS 4.7 · AI score 6.8 · EPSS 0.00047
Exploits: 0 · References: 3

NVD
added 2024/06/12 4:15 p.m. · 14 views

CVE-2024-36761

naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs...

CVSS 9.8 · EPSS 0.00207
Exploits: 1 · References: 2

Cvelist
added 2024/06/12 12:0 a.m. · 15 views

CVE-2024-36761

naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs...

EPSS 0.00207
Exploits: 1 · References: 2

CVE
added 2024/06/12 12:0 a.m. · 51 views

CVE-2024-36761

CVE-2024-36761 affects naga v0.14.0, with a stack overflow in the WGSL parser component at /wgsl/parse/mod.rs. The CVSSv3.1 data indicates a high-severity, remote‑attack surface (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) with a base score of 9.8. Exploitation details are not provided in the supplied d...

CVSS 9.8 · AI score 7.9 · EPSS 0.00207
Exploits: 1 · References: 2 · Affected Software: 1

Veeam
added 2024/06/12 12:0 a.m. · 16 views

Upgrading Veeam Kasten for Kubernetes Fails With Parse Error

Challenge: When upgrading to Veeam Kasten for Kubernetes 6.5.3 or higher the upgrade fails with: parse error at k10/templates/v0services.yaml:128: function "continue" not defined
Cause: This issue is related to the Helm binary version that is installed.
Solution: To resolve this issue, download the...

AI score 6.9
Exploits: 0

RedHat Linux
added 2024/06/11 7:48 p.m. · 3 views

golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...

CVSS 6.5 · AI score 7.4 · EPSS 0.00491
Exploits: 0 · References: 10

RedHat Linux
added 2024/06/11 5:34 p.m. · 2 views

protobuf-c: unsigned integer overflow in parse_required_member

A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parse_required_member...

CVSS 5.5 · AI score 7.3 · EPSS 0.0003
Exploits: 0 · References: 5

RedHat Linux
added 2024/06/10 6:41 p.m. · 3 views

golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...

CVSS 6.5 · AI score 7.4 · EPSS 0.00491
Exploits: 0 · References: 10

Vulnrichment
added 2024/06/07 2:19 p.m. · 17 views

CVE-2024-37162 zsa Generates Error Messages Containing Sensitive Information

zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine...

CVSS 4 · AI score 6.5 · EPSS 0.00321
Exploits: 0 · References: 2

CVE
added 2024/06/07 2:19 p.m. · 51 views

CVE-2024-37162

CVE-2024-37162 affects the zsa library for Next.js. The vulnerability arises because the application transfers the parse error stack from server to client in production builds, potentially exposing sensitive server information such as machine usernames and directory paths. All users are affected....

CVSS 5.3 · AI score 4.3 · EPSS 0.00321
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/06/07 2:19 p.m. · 16 views

CVE-2024-37162 zsa Generates Error Messages Containing Sensitive Information

zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine...

CVSS 4 · AI score 5.4 · EPSS 0.00321
Exploits: 0 · References: 4

PyPA
added 2024/06/06 7:15 p.m. · 4 views

PYSEC-2024-118

A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...

CVSS 4.7 · AI score 6.9 · EPSS 0.00038
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2024/06/06 7:15 p.m. · 0 views

PYSEC-2024-118

A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...

CVSS 4.7 · AI score 5.8 · EPSS 0.00038
Exploits: 1 · References: 2