DEBIAN-CVE-2023-37420
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns t...
DEBIAN-CVE-2023-37416
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns t...
UBUNTU-CVE-2023-37418
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns t...
UBUNTU-CVE-2023-49551
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file...
PT-2024-13744 · Cesanta · Mjs
Name of the Vulnerable Software and Affected Versions: Cesanta mjs version 2.20.0 Description: An issue in Cesanta mjs allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. Recommendations: For Cesanta mjs version 2.20.0, consider disabling th...
The vulnerability of the TiXmlDeclaration::Parse() function in the TinyXML parser component, tinyxmlparser.cpp, allows an attacker to cause a service failure.
The vulnerability of the TiXmlDeclaration::Parse function in the TinyXML parser tinyxmlparser.cpp is related to the use of the assert operator when processing the character 0, which is located after a space. Exploiting this vulnerability may allow an attacker to cause a service failure remotely...
SUSE CVE-2023-51079
A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."...
CVE-2023-51074
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse method...
CVE-2023-51079
A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."...
UBUNTU-CVE-2023-51074
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse method...
UBUNTU-CVE-2023-51079
DISPUTED A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."...
Jayway JsonPath Security Vulnerability
Jayway JsonPath (json-path) is an open source Java DSL for reading JSON documents. A security vulnerability exists in Jayway JsonPath version v2.8.0, which stems from a stack overflow vulnerability in the Criteria.parse method...
PT-2023-31756 · Mvel2 · Mvel2
Name of the Vulnerable Software and Affected Versions: mvel2 version 2.5.0 Final Description: A TimeOut error exists in the ParseTools.subCompileExpression method due to many Java class lookups, potentially causing a long execution time. The vendor disputes the significance of this issue, stating...
PT-2023-35670 · Git +1 · Quickjs
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details include a crash state involving js free function def, js parse function decl...
Micro HTTP Server Security Vulnerability
Micro HTTP Server is a very simple HTTP server for prototyping by the individual developer Jian-Hong Pan in China. A security vulnerability exists in MicroHttpServer Micro HTTP Server version a8ab029 and earlier versions, which stems from a buffer overflow in ParseHeader in lib/server.c. The...
PT-2023-35668 · Rawspeed · Rawspeed
Name of the Vulnerable Software and Affected Versions: rawspeed affected versions not specified Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the parseWhiteBalance function within DngDecoder, which is part of the rawspeed library...
VulnCheck KEV: CVE-2023-7101
Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic...
PT-2023-31889 · Unknown · Microhttpserver
Name of the Vulnerable Software and Affected Versions: MicroHttpServer versions through a8ab029 Description: The issue allows a one-byte recv buffer overflow via a long URI in the ParseHeader function located in lib/server.c. Recommendations: For versions through a8ab029, consider restricting...
Spreadsheet-ParseExcel Code Injection Vulnerability
Spreadsheet-ParseExcel is a module for extracting information from Excel files by the individual developer John McNamara in Ireland. A security vulnerability exists in Spreadsheet-ParseExcel version 0.65 that originates from passing unvalidated input from a file to a string, resulting in arbitrar...