
6856 matches found

SUSE CVE
added 2023/08/16 11:19 p.m. · 2 views

SUSE CVE-2023-38851

Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xlsparseWorkBook function in xls.c:1018...

6.5 CVSS · 7.9 AI score · 0.00915 EPSS
Exploits 1 · References 3
OSV
added 2023/08/14 10:15 p.m. · 1 views

CVE-2023-21271

In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5 CVSS · 5.9 AI score
Exploits 0 · References 2
ATTACKERKB
added 2023/08/14 4:15 a.m. · 0 views

CVE-2023-40294

libboron in Boron 2.0.8 has a heap-based buffer overflow in urparseBlockI at iparseblk.c...

6.5 CVSS · 6.9 AI score · 0.02317 EPSS
Exploits 1 · References 2
NCSC
added 2023/08/14 12:0 a.m. · 2 views

Vulnerabilities fixed in Python

Vulnerabilities have been fixed in Python. In addition to the vulnerabilities in OpenSSL, for which the NCSC has previously published security advisories, a vulnerability has also been fixed in the urllib.parse component. Because proper input validation does not take place, it is possible...

7.5 CVSS · 6.9 AI score · 0.91789 EPSS
Exploits 5
BDU FSTEC
added 2023/08/14 12:0 a.m. · 1 views

The vulnerability of the parse_usdt_arg() function in the tools/lib/bpf/usdt.c module of the Linux kernel’s BPF component allows a hacker to induce a service failure.

The vulnerability of the parse_usdt_arg() function in the tools/lib/bpf/usdt.c module of the Linux kernel’s BPF component is related to a memory overflow issue. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...

5.7 CVSS · 0.00031 EPSS
Exploits 0 · References 8 · Affected Software 2
CNNVD
added 2023/08/11 12:0 a.m. · 1 views

Folding@home fah-control Security Vulnerability

fah-control is a Folding@home open source Client Advanced Control GUI. A security vulnerability exists in the Folding@home Client Advanced Control GUI that allows an attacker to execute arbitrary code by manipulating the parsemessage function...

9.8 CVSS · 7.7 AI score · 0.03272 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/08/06 12:0 a.m. · 1 views

PT-2023-35934 · Git +1 · Clamav

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read crash. The crash state indicates repeated calls to the parse regex function, suggesting a potential...

6.8 AI score
Exploits 0 · References 2
ATTACKERKB
added 2023/07/27 7:15 p.m. · 2 views

CVE-2022-31200

Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field...

6.1 CVSS · 6.4 AI score · 0.0012 EPSS
Exploits 0 · References 4
OSV
added 2023/07/27 7:15 p.m. · 2 views

CVE-2022-31200

Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field...

6.1 CVSS · 5.8 AI score · 0.0012 EPSS
Exploits 0 · References 2
RedHat Linux
added 2023/07/26 9:57 a.m. · 3 views

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity...

7.5 CVSS · 6.8 AI score · 0.01445 EPSS
Exploits 3 · References 5
Positive Technologies
added 2023/07/26 12:0 a.m. · 1 views

PT-2023-26305 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader, affected versions not specified. Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicio...

3.3 CVSS · 6.1 AI score · 0.00358 EPSS
Exploits 0 · References 5
OSV
added 2023/07/21 1:34 p.m. · 13 views

SUSE-SU-2023:2937-1 Security update for python311

This update for python311 fixes the following issues: python was updated to version 3.11.4: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters bsc1208471. - CVE-2007-4559: Fixed python tarfile module directory traversal...

9.8 CVSS · 7.8 AI score · 0.89361 EPSS
Exploits 6 · References 5
OSV
added 2023/07/20 8:46 p.m. · 4 views

CLSA-2023-1689885970 Fix CVE(s): CVE-2023-24329

SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2.patch: Start stripping C0 control and space chars in urlsplit - CVE-2023-24329...

7.5 CVSS · 7 AI score · 0.01445 EPSS
Exploits 3 · References 1
OSV
added 2023/07/20 8:44 p.m. · 2 views

CLSA-2023-1689885838 Fix CVE(s): CVE-2023-24329

SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2-v2.7.patch: Start stripping C0 control and space chars in urlsplit - debian/patches/CVE-2023-24329-v2.7.patch: Fix testattributesbadscheme to check for non-ascii symbol as first character...

7.5 CVSS · 7 AI score · 0.01445 EPSS
Exploits 3 · References 1
BDU FSTEC
added 2023/07/20 12:0 a.m. · 1 views

The vulnerability of the `parse_tag_and_wiretype` function in the `protobuf-c.c` component of the Protobuf-c programming language for serializing data allows an attacker to cause a service failure.

The vulnerability of the `parse_tag_and_wiretype` function in the `protobuf-c.c` component of the Protobuf serialization programming language C Protobuf-c is related to errors during resource release. Exploiting this vulnerability allows an attacker to cause service failures remotely...

7.8 CVSS · 0.00091 EPSS
Exploits 1 · References 8 · Affected Software 3
SUSE CVE
added 2023/07/19 11:26 p.m. · 2 views

SUSE CVE-2021-34119

A flaw was discovered in htmodoc 1.9.12 in function parseparagraph in ps-pdf.cxx; this flaw possibly allows code execution and a denial of service via a crafted file...

7.8 CVSS · 7.3 AI score · 0.00029 EPSS
Exploits 1 · References 3
OSV
added 2023/07/18 2:15 p.m. · 3 views

DEBIAN-CVE-2021-34121

An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parsetree in toc.cxx; this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerabilities in order to reach code execution...

7.8 CVSS · 7.5 AI score · 0.00031 EPSS
Exploits 1 · References 1
OSV
added 2023/07/18 2:15 p.m. · 14 views

DEBIAN-CVE-2021-34119

A flaw was discovered in htmodoc 1.9.12 in function parseparagraph in ps-pdf.cxx; this flaw possibly allows code execution and a denial of service via a crafted file...

7.8 CVSS · 7.3 AI score · 0.00029 EPSS
Exploits 1 · References 1
UbuntuCve
added 2023/07/18 2:15 p.m. · 27 views

CVE-2021-34121

An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parsetree in toc.cxx; this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerabilities in order to reach code execution...

7.8 CVSS · 7.1 AI score · 0.00031 EPSS
Exploits 1 · References 4
OSV
added 2023/07/18 2:15 p.m. · 1 views

UBUNTU-CVE-2021-34121

An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parsetree in toc.cxx; this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerabilities in order to reach code execution...

7.8 CVSS · 5.8 AI score · 0.00031 EPSS
Exploits 1 · References 5