6856 matches found
CVE-2023-24537
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...
PT-2023-9029 · Golang +10 · Golang +10
Name of the Vulnerable Software and Affected Versions: Golang, affected versions not specified. Description: The issue is related to the consumption of large amounts of CPU and memory when processing form inputs containing a large number of parts. This can be caused by several factors, including th...
PT-2023-9785 · Go +10 · Go +10
Name of the Vulnerable Software and Affected Versions: Go, affected versions not specified. Description: The issue is related to the Parse function in the Go programming language, which can cause an infinite loop due to integer overflow when processing Go source code containing //line directives wi...
UBUNTU-CVE-2023-26916
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c...
PT-2023-9144
Name of the Vulnerable Software and Affected Versions: libyang versions 2.0.164 through 2.1.30. Description: The issue is related to a NULL pointer dereference in the lys_parse_mem function of the libyang library, which is used for YANG data modeling language parsing. This could allow a remote...
Security Bulletin: Multiple vulnerabilities in software used in node.js affect Cloud Pak System
Summary: Multiple vulnerabilities found in follow-redirect, html-parse-stringify2, nth-check, pycrypto affect Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details: CVEID: CVE-2021-23346. DESCRIPTION: Node.js html-parse-stringify and html-parse-stringify2...
USN-5973-1: url-parse vulnerabilities
It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or to perform a server-side request forgery attack or open...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : url-parse vulnerabilities (USN-5973-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5973-1 advisory. It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...
CVE-2023-21028
In parse_printerAttributes of ipphelper.c, there is a possible out of bounds read due to a string without a null-terminator. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2022-20532
In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
PT-2023-17818 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: In the parse_printerAttributes function of ipphelper.c, there is a possible out of bounds read due to a string without a null-terminator. This could lead to remote information disclosure with no...
XML External Entity (XXE) Injection
weixin-python is vulnerable to XML External Entity (XXE) Injection. The vulnerability exists due to the parse function in msg.py and the toxml function in pay.py because XML entities are allowed to be resolved, allowing an attacker to inject and execute malicious XML documents to perform requests o...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2023-096)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-096 advisory. valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the...
CVE-2023-28118 kaml has potential denial of service while parsing input with anchors and aliases
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...
SUSE CVE-2023-27785
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function...
PT-2023-35710 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Global-buffer-overflow READ 1. The crash state involves several functions: xmlParseContentInternal,...
DEBIAN-CVE-2023-27787
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint...
DEBIAN-CVE-2023-27785
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function...
CVE-2023-27785
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function...
Design/Logic Flaw
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function...