RHEL 7 : npmjs-url-parse (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - npmjs-url-parse: Improper validation of protocol of the returned URL CVE-2020-8124 Note that Nessus has not tested...

json-path: stack-based buffer overflow in Criteria.parse method

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

OSV-2024-420 Use-of-uninitialized-value in Lexer::Error

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68397 Crash type: Use-of-uninitialized-value Crash state: Lexer::Error ManifestParser::ParseRule ManifestParser::Parse...

PT-2024-40757 · Git +1 · Ninja

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the Lexer::ReadToken function, which is called by...

PT-2024-40756 · Avif · Avif

Name of the Vulnerable Software and Affected Versions: avif affected versions not specified Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the avifSequenceHeaderParse function, which is called by avifDecoderReset and avifDecoderParse...

CVE-2024-2410

The JsonToBinaryStream function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed...

GHSA-MJR4-7XG5-PFVH libxmljs2 type confusion vulnerability when parsing specially crafted XML

libxmljs2 is vulnerable to type confusion when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop and remote code...

PT-2024-25854 · Libxmljs2 · Libxmljs2

Name of the Vulnerable Software and Affected Versions: libxmljs2 affected versions not specified Description: The issue is related to a type confusion vulnerability that occurs when parsing a specially crafted XML. This happens while invoking a function on the result of attrs that was called on a...

SUSE CVE-2024-4340

Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...

kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c

An information leak vulnerability was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capparseconfreq function. An attacker with physical access within the range of standard Bluetooth transmission could use thi...

DEBIAN-CVE-2024-4340

Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...

UBUNTU-CVE-2024-4340

Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...

USN-6758-1: JSON5 vulnerability

It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named \proto\. An attacker could possibly use this issue to pollute the prototype of the returned object, setting arbitrary or unexpected keys, and cause a denial of service, allow unintended access to network...

kernel: use-after-free in kv_parse_power_table

A use-after-free flaw was found in kvparsepowertable in drivers/amd/pm in the Linux kernel. When ps equals NULL, kvparsepowertable frees adev-pm.dpm.ps. The adev-pm.dpm.ps is used in the loop of kvdpmfini after its first free in kvparsepowertable, causing a use-after-free problem...

kernel: smb: client: fix potential OOBs in smb2_parse_contexts()

A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2parsecontexts function. Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts...

OSV-2024-352 Heap-buffer-overflow in __parse_options

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68156 Crash type: Heap-buffer-overflow READ Crash state: parseoptions parseoptions parseoptions...

sqlparse 安全漏洞

sqlparse is Python's non-validating SQL parser. It provides support for parsing, splitting, and formatting SQL statements. A security vulnerability exists in sqlparse that stems from an application passing a nested list to sqlparse.parse, resulting in a denial of service...

UBUNTU-CVE-2023-46566

Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class...

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...

PT-2024-13362 · Msoulier · Tftpy

Name of the Vulnerable Software and Affected Versions: msoulier tftpy affected versions not specified Description: A Buffer Overflow issue allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class. This issue can be exploited by a remote attacker,...