6862 matches found

CVE
added 2024/04/08 12:0 a.m. · 85 views

CVE-2024-23082

CVE-2024-23082 concerns ThreeTen Backport v1.6.8, with an integer overflow in DateTimeFormatter.parse(CharSequence, ParsePosition). Multiple sources dispute the vulnerability’s existence; no solid public exploit details are provided in the documents. Red Hat/IBM postings flag a potential denial-o...

AI score: 7.5 · EPSS: 0.00057
Exploits: 0 · References: 3

Positive Technologies
added 2024/04/08 12:0 a.m. · 2 views

PT-2024-19661 · Unknown · Threeten Backport

Name of the Vulnerable Software and Affected Versions: ThreeTen Backport version 1.6.8. Description: The issue is related to an integer overflow in the org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition) component. However, it is noted that the existence of this issue is...

AI score: 4.3 · EPSS: 0.00057
Exploits: 0 · References: 12

CNNVD
added 2024/04/08 12:0 a.m. · 1 views

ThreeTen backport project security vulnerability

ThreeTen backport project is a simple backport for ThreeTen open source. A security vulnerability exists in ThreeTen backport project version v1.6.8, which stems from a null pointer exception contained in the component org.threeten.bp.format.DateTimeFormatter.parse(CharSequence, ParsePosition)...

AI score: 4.5 · EPSS: 0.00057
Exploits: 0 · References: 4

CNNVD
added 2024/04/05 12:0 a.m. · 2 views

Google Pixel security vulnerability

Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a missing null check in the asn1ecpkeyparsep384 module of the asn1common.c file, which could lead to out-of-bounds reads...

CVSS: 5.5 · AI score: 6.4 · EPSS: 0.00017
Exploits: 0 · References: 3

BDU FSTEC
added 2024/04/03 12:0 a.m. · 1 views

The vulnerability of the gf_mpd_parse_string function (media_tools/mpd.c:75) in the multimedia platform GPAC allows a hacker to cause a service failure.

The vulnerability of the gf_mpd_parse_string function (media_tools/mpd.c:75) in the GPAC multimedia platform is related to the lack of memory release after the effective lifespan has ended. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS: 5.5 · AI score: 5.9 · EPSS: 0.00045
Exploits: 1 · References: 3 · Affected Software: 2

Redos
added 2024/04/02 12:0 a.m. · 32 views

ROS-20240402-05

A vulnerability in the TiXmlDeclaration::Parse function in the tinyxmlparser.cpp component of the TinyXML XML parser is related to the use of the assert operator when processing a 0 character after a space. Exploitation of the vulnerability could allow an...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.00952
Exploits: 0

OSV
added 2024/03/31 6:25 p.m. · 23 views

BIT-PARSE-2024-27298 Parse Server literalizeRegexPart SQL Injection

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0...

CVSS: 10 · AI score: 7.2 · EPSS: 0.00313
Exploits: 0 · References: 6

Github Security Blog
added 2024/03/29 12:30 p.m. · 25 views

Elasticsearch Uncaught Exception leading to crash

An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

CVSS: 5.3 · AI score: 7 · EPSS: 0.00047
Exploits: 0 · References: 5 · Affected Software: 1

Github Security Blog
added 2024/03/28 12:31 a.m. · 10 views

domain-suffix RegEx Denial of Service

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function. PoC js async function exploit const domainsuffix = require"domain-suffix"; // Crafting a string that will cause excessive backtracking const maliciousInput =...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.00151
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2024/03/27 10:15 p.m. · 10 views

CVE-2024-25354

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...

CVSS: 7.5 · AI score: 6.5 · EPSS: 0.00151
Exploits: 0 · References: 1

CVE
added 2024/03/27 12:0 a.m. · 67 views

CVE-2024-25354

CVE-2024-25354 affects domain-suffix 1.0.8 (Node.js) with a RegEx Denial of Service in the parse function that can crash the application when given crafted input. Root cause: excessive backtracking in the regular expression. Impact: denial of service/crash; exploitation details are provided in pu...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.00151
Exploits: 0 · References: 1

Vulnrichment
added 2024/03/27 12:0 a.m. · 9 views

CVE-2024-25354

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...

AI score: 6.9 · EPSS: 0.00151
Exploits: 0 · References: 1

Positive Technologies
added 2024/03/27 12:0 a.m. · 2 views

PT-2024-40680 · Git +1 · Quickjs

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash state includes functions such as emit goto, emit class field init, and js parse function...

AI score: 7
Exploits: 0 · References: 2

Cvelist
added 2024/03/27 12:0 a.m. · 12 views

CVE-2024-25354

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...

AI score: 6.7 · EPSS: 0.00151
Exploits: 0 · References: 1

CNNVD
added 2024/03/27 12:0 a.m. · 3 views

domain-suffix security vulnerability

domain-suffix is a Node.js package. A security vulnerability exists in domain-suffix version 1.0.8, which stems from a vulnerability that allows an attacker to crash an application using crafted input via the parse function...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.00151
Exploits: 0 · References: 2

CNNVD
added 2024/03/27 12:0 a.m. · 2 views

LLVM security vulnerability

LLVM is a toolkit for building highly optimized compilers, optimizers and runtime environments for LLVM. A security vulnerability exists in LLVM version 15.0.0 due to a NULL pointer dereference vulnerability found in the parseOneMetadata function...

CVSS: 5.3 · AI score: 6.4 · EPSS: 0.00191
Exploits: 0 · References: 4

Positive Technologies
added 2024/03/27 12:0 a.m. · 3 views

PT-2024-20898 · Unknown · Domain-Suffix

Name of the Vulnerable Software and Affected Versions: domain-suffix version 1.0.8 Description: The issue allows attackers to crash the application via crafted input to the parse function, resulting in a Denial of Service. This is achieved through a RegEx Denial of Service in the domain-suffix...

CVSS: 8.7 · AI score: 7.2 · EPSS: 0.00151
Exploits: 0 · References: 9

RedHat Linux
added 2024/03/26 4:49 p.m. · 1 views

expat: parsing large tokens can trigger a denial of service

A flaw was found in Expat libexpat. When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.01552
Exploits: 1 · References: 4

Positive Technologies
added 2024/03/23 12:0 a.m. · 3 views

PT-2024-40673 · Git +1 · Htslib

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a negative-size-param, as reported by OSS-Fuzz. The crash occurs in the following functions: vcf parse format,...

AI score: 6.9
Exploits: 0 · References: 2

Veracode
added 2024/03/21 10:27 a.m. · 12 views

Improper Input Validation

parse-server is vulnerable to Improper Input Validation. The vulnerability is due to insufficient string sanitation for Cloud Function or Cloud Job names, which allows an attacker to crash the server, manipulate internal object storage, or potentially execute arbitrary code...

CVSS: 9 · AI score: 7.4 · EPSS: 0.01895
Exploits: 0 · References: 6 · Affected Software: 1