6856 matches found
Xxe
easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
PYSEC-2023-97
easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
python: urllib.parse url blocklisting bypass
A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity...
python: urllib.parse url blocklisting bypass
A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity...
python: urllib.parse url blocklisting bypass
A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity...
python: urllib.parse url blocklisting bypass
A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity...
easy-parse 代码问题漏洞
easy-parse is a PyPI project for xml and json parsing by the individual developer Colton Willig. A security vulnerability exists in easy-parse v0.1.1, which stems from the inclusion of an XML External Entity Injection XXE vulnerability that could allow an attacker to execute arbitrary code via a...
CVE-2020-26710
easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
CVE-2020-26710
easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
CVE-2020-26710
CVE-2020-26710 affects the Python package easy-parse v0.1.1. Affected component: XML parsing logic that is vulnerable to XML External Entity Injection (XXE). Underlying cause: improper handling of external entities in XML processing, enabling an attacker to execute arbitrary code via a crafted XM...
PT-2023-11757 · Unknown · Easy-Parse
Name of the Vulnerable Software and Affected Versions: easy-parse version 0.1.1 Description: The issue allows attackers to execute arbitrary code via a crafted XML file, exploiting a XML External Entity Injection XXE vulnerability. Recommendations: For easy-parse version 0.1.1, update to a versio...
CVE-2023-36475
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...
CVE-2023-36475
Parse Server is affected by a prototype pollution vulnerability that enables remote code execution through the MongoDB BSON parser. The issue occurs in affected builds prior to 5.5.2 and 6.2.1, where a prototype pollution sink can be exploited to trigger RCE. A patch is available in versions 5.5....
CVE-2023-36475 Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...
CVE-2023-36475 Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...
CVE-2023-36475 Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...
DEBIAN-CVE-2023-3359
An issue was discovered in the Linux kernel brcmnvramparse in drivers/nvmem/brcmnvram.c. Lacks for the check of the return value of kzalloc can cause the NULL Pointer Dereference...
AZL-27347 CVE-2023-3359 affecting package kernel for versions less than 5.15.118.1-2
An issue was discovered in the Linux kernel brcmnvramparse in drivers/nvmem/brcmnvram.c. Lacks for the check of the return value of kzalloc can cause the NULL Pointer Dereference...
AZL-27332 CVE-2023-3359 affecting package hyperv-daemons for versions less than 5.15.118.1-1
An issue was discovered in the Linux kernel brcmnvramparse in drivers/nvmem/brcmnvram.c. Lacks for the check of the return value of kzalloc can cause the NULL Pointer Dereference...
UBUNTU-CVE-2023-3359
An issue was discovered in the Linux kernel brcmnvramparse in drivers/nvmem/brcmnvram.c. Lacks for the check of the return value of kzalloc can cause the NULL Pointer Dereference...