PT-2023-36067 · Git +1 · Radare2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read crash has been reported. The crash involves the load sections 64, parse classes 64, and classes functions. No information is...

CVE-2023-44386 Incorrect request error handling triggers server crash in Vapor

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2...

AZL-31730 CVE-2023-5345 affecting package hyperv-daemons for versions less than 5.15.135.1-1

A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3fscontextparseparam, ctx-password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading pas...

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...

CVE-2023-44464

pretix before 2023.7.2 allows Pillow to parse EPS files...

PT-2023-5679

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3 fs context parse param,...

Amazon Linux 2 : ruby (ALASRUBY3.0-2023-003)

The version of ruby installed on the remote host is prior to 3.0.3-154. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY3.0-2023-003 advisory. CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a...

RUSTSEC-2023-0065 Tungstenite allows remote attackers to cause a denial of service

The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amoun...

Medium: python38

Issue Overview: An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVE-2023-24329 Affected Packages: python38 Note: This advisory is applicable to Amazon Linux 2 - Python3.8 Extra. Vis...

OESA-2023-1662 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.CVE-2023-24537...

OESA-2023-1665 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.CVE-2023-24537...

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amount...

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amount...

The vulnerability of the ares_parse_soareply() function in the C-ares asynchronous DNS request library allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the aresparsesoareply function in the C-ares library related to the operation of writing data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected...

The vulnerability of the MPEG12_ParseSeqHdr function (media_tools/mpeg2_ps.c) in the GPAC multimedia platform allows a perpetrator to trigger a service failure.

The vulnerability of the MPEG12ParseSeqHdr function mediatools/mpeg2ps.c in the GPAC multimedia platform is related to reading beyond the memory boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the avi_parse_input_file function (media_tools/avilib.c:2083) in the multimedia platform GPAC, related to inaccessible read and reread operations on buffers, allows a hacker to cause a service failure.

The vulnerability of the aviparseinputfile function mediatools/avilib.c:2083 in the multimedia platform GPAC is related to buffer overflow attacks. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the `parse_module` function in the GNU Binutils development environment, which involves reading beyond the buffer boundaries in memory, allows an attacker to trigger a service failure or cause other adverse effects.

The vulnerability of the parsemodule function in the GNU Binutils development environment is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a system failure or exert other adverse effects...

The vulnerability of the `parse_stab_struct_fields` function in the GNU Binutils development environment, related to a memory leak, allows an attacker to cause a service failure.

The vulnerability of the parsestabstructfields function in the GNU development environment is related to a memory release error. Exploiting this vulnerability could allow an attacker to cause a service failure...

Vulnerability of the bfd_pef_parse_function_stubs function in the GNU Binutils development environment, caused by buffer overflow in dynamic memory, allowing an attacker to trigger a stack overflow.

The vulnerability of the bfdpefparsefunctionstubs function in the GNU Binutils development toolset, located in the bfd/pef.c file, is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability could allow an attacker to trigger a stack overflow...

The vulnerability of the bfd_pef_parse_function_stubs function (bfd/pef.c) in the GNU Binutils development environment, related to the handling of zero pointers, allows a malicious actor to trigger a service failure.

The vulnerability of the bfdpefparsefunctionstubs function bfd/pef.c in the GNU Binutils development environment is related to the use of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...