6862 matches found
CVE-2023-46566
msoulier tftpy is affected by a Buffer Overflow in the parse function of the TftpPacketFactory class. Root cause: inadequate input validation leads to remote denial of service. Impact: remote attacker over the network can cause a DoS; no patch/version details are provided in the supplied document...
UBUNTU-CVE-2024-33260
Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parserparseclass at jerry-core/parser/js/js-parser-expr.c...
Jerryscript 安全漏洞
JerryScript is a lightweight JavaScript engine from the Jerryscript project. A security vulnerability exists in Jerryscript, which stems from the component parserparseclass in jerry-core/parser/js/js-parser-expr.c contains a segmentation violation...
The vulnerability of the Criteria.parse() function in the Java library JsonPath, which allows a attacker to trigger a service failure
The vulnerability of the Criteria.parse function in the Java JsonPath library is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to cause a service failure...
yajl: Memory leak in yajl_tree_parse function
A flaw was found in the yajl library, which exists due to a memory leak within the yajltreeparse function. This flaw allows a remote attacker to parse malicious JSON input to cause out-of-memory in the server, causing a crash, resulting in a denial of service attack...
Vyper 安全漏洞
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions prior to 0.3.8 through 0.4.0b1, which stems from a false assertion issue in the stmt.parseForrange function...
PT-2024-24921 · Conform · Conform
Name of the Vulnerable Software and Affected Versions: Conform versions prior to 1.1.1 Description: Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to...
OESA-2024-1481 llvm security update
LLVM is a compiler infrastructure designed for compile-time, link-time, runtime, and idle-time optimization of programs from arbitrary programming languages. Security Fixes: LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata function via a crafted pdflatex.fmt file or perhaps a...
SUSE CVE-2024-26828
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...
DEBIAN-CVE-2024-26828
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...
UBUNTU-CVE-2024-26828
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...
CVE-2024-26828 cifs: fix underflow in parse_server_interfaces()
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a parseserverinterfaces buffer underflow...
CVE-2024-22262
Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...
GHSA-2M57-HF25-PHGG sqlparse parsing heavily nested list leads to Denial of Service
Summary Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. Details + PoC Running the following code will raise Maximum recursion limit exceeded exception: py import sqlparse sqlparse.parse'' 10000 + '' 10000 We expect a traceback of RecursionError:...
PT-2024-10474 · Pypi +4 · Sqlparse +4
Name of the Vulnerable Software and Affected Versions: sqlparse affected versions not specified Description: The issue is related to the sqlparse.parse function, which can lead to a Denial of Service due to a RecursionError when processing a heavily nested list. This can be exploited by a remote...
OESA-2024-1432 golang security update
The Go Programming Language. Security Fixes: The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...
CVE-2024-23082
ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a...
UBUNTU-CVE-2024-23082
DISPUTED ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence o...
CVE-2024-23082
ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a...