6856 matches found

ATTACKERKB
added 2023/06/28 6:15 p.m., 2 views

CVE-2023-21179

In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.8, AI score 6.1, EPSS 0.00006
Exploits: 0, References: 2

ATTACKERKB
added 2023/06/28 6:15 p.m., 2 views

CVE-2023-21161

In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...

CVSS 6.7, AI score 6.1, EPSS 0.00023
Exploits: 0, References: 2

NVD
added 2023/06/28 6:15 p.m., 12 views

CVE-2023-21159

In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...

CVSS 6.7, AI score 6.8, EPSS 0.00023
Exploits: 0, References: 1

Prion
added 2023/06/28 6:15 p.m., 16 views

Out-of-bounds

In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...

CVSS 4, AI score 6.7, EPSS 0.00023
Exploits: 0, References: 1

Prion
added 2023/06/28 6:15 p.m., 14 views

Out-of-bounds

In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...

CVSS 4, AI score 6.7, EPSS 0.00023
Exploits: 0, References: 1

CNNVD
added 2023/06/28 12:00 a.m., 3 views

Google Pixel Security Vulnerability

Google Pixel is a smartphone from Google, an American company. A security vulnerability exists in Google Pixel. It originates in parseSecurityParamsFromXml in XmlUtil.java, where file encryption may fail due to a race condition, which could lead to local information disclosure...

CVSS 7.8, AI score 7.3, EPSS 0.00006
Exploits: 0, References: 2

CNNVD
added 2023/06/28 12:00 a.m., 2 views

Google Pixel Buffer Error Vulnerability

Google Pixel is a smartphone from Google, an American company. A security vulnerability exists in Google Pixel, which stems from a missing bounds check in Parse of the simdata.cpp file and may result in out-of-bounds writes...

CVSS 6.7, AI score 6.5, EPSS 0.00023
Exploits: 0, References: 2

Positive Technologies
added 2023/06/28 12:00 a.m., 4 views

PT-2023-25584 · Unknown +2 · Parse Server +2

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.5.2 and 6.2.1. Description: The issue allows an attacker to use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. This can be exploited in Parse Server, an open sour...

CVSS 9.8, AI score 9.6, EPSS 0.09829
Exploits: 0, References: 16

Vulnrichment
added 2023/06/28 12:00 a.m., 8 views

CVE-2023-21161

In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...

AI score 7.2, EPSS 0.00023
Exploits: 0, References: 1

CNNVD
added 2023/06/28 12:00 a.m., 2 views

Google Pixel Buffer Error Vulnerability

Google Pixel is a smartphone from Google, an American company. A security vulnerability exists in Google Pixel, which stems from a missing bounds check in Parse of the simdata.cpp file and may result in out-of-bounds writes...

CVSS 6.7, AI score 6.5, EPSS 0.00023
Exploits: 0, References: 2

CNNVD
added 2023/06/28 12:00 a.m., 3 views

Parse Server Security Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.5.2 and prior to 6.2.1, which stems from a vulnerability that allows an attacker to trigger remote code execution using a...

CVSS 9.8, AI score 9.1, EPSS 0.09829
Exploits: 0, References: 8

RedHat Linux
added 2023/06/27 9:51 a.m., 4 views

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised integrity...

CVSS 7.5, AI score 6.8, EPSS 0.01445
Exploits: 3, References: 5

SUSE CVE
added 2023/06/27 1:25 a.m., 2 views

SUSE CVE-2023-33290

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python)...

CVSS 7.5, AI score 6.9, EPSS 0.00085
Exploits: 1, References: 3

CNNVD
added 2023/06/27 12:00 a.m., 1 views

PyPDF2 Security Vulnerability

PyPDF2 is a free, open source, pure-Python PDF library that can split, merge, crop and convert pages of a PDF file. PyPDF2 versions 2.2.0 to 3.8.1 have a security vulnerability, which stems from the fact that an attacker may be able to create a PDF which, if parsecontentstream is executed, will...

CVSS 6.2, AI score 6, EPSS 0.00094
Exploits: 1, References: 5

OSV
added 2023/06/26 5:15 p.m., 3 views

CVE-2022-48336

Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow...

CVSS 9.8, AI score 6.1, EPSS 0.00189
Exploits: 1, References: 1

RedHat Linux
added 2023/06/26 10:52 a.m., 6 views

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised integrity...

CVSS 7.5, AI score 6.8, EPSS 0.01445
Exploits: 3, References: 5

BDU FSTEC
added 2023/06/26 12:00 a.m., 1 views

The vulnerability of the _bfd_elf_parse_gnu_properties function in the elf-properties.c library of the GNU Binutils development toolset allows an attacker to cause a service failure.

The vulnerability of the _bfd_elf_parse_gnu_properties function in the elf-properties.c library of the GNU Binutils development toolset is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a system failure...

CVSS 7.8, EPSS 0.00625
Exploits: 1, References: 8, Affected Software: 4

SUSE CVE
added 2023/06/23 1:45 a.m., 1 views

SUSE CVE-2023-3359

An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. A missing check of the return value of kzalloc can cause a NULL pointer dereference...

CVSS 5.5, AI score 6.4, EPSS 0.00018
Exploits: 0, References: 3

OSV
added 2023/06/22 9:33 p.m., 2 views

CLSA-2023-1687469630 Fix CVE(s): CVE-2023-24329

SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2.patch: start stripping C0 control and space chars in urlsplit - CVE-2023-24329...

CVSS 7.5, AI score 7, EPSS 0.01445
Exploits: 3, References: 1

OSV
added 2023/06/22 9:32 p.m., 2 views

CLSA-2023-1687469528 Fix CVE(s): CVE-2023-24329

SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2.patch: start stripping C0 control and space chars in urlsplit - CVE-2023-24329...

CVSS 7.5, AI score 7, EPSS 0.01445
Exploits: 3, References: 1