
6717 matches found

OSV
added 2022/10/14 3:15 p.m. · 4 views

AZL-33572 CVE-2022-32149 affecting package cf-cli for versions less than 8.4.0-21

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

CVSS 7.5 · AI score 6.7 · EPSS 0.00054
Exploits: 0 · References: 1
OSV
added 2022/10/11 10:15 p.m. · 1 view

DEBIAN-CVE-2022-41550

GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osipbodyparseheader...

CVSS 6.5 · AI score 6.3 · EPSS 0.00224
Exploits: 0 · References: 1
OSV
added 2022/10/11 10:15 p.m. · 1 view

UBUNTU-CVE-2022-41550

GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osipbodyparseheader...

CVSS 6.5 · AI score 5.8 · EPSS 0.00224
Exploits: 0 · References: 4
RedHat Linux
added 2022/10/11 7:30 a.m. · 2 views

ruby: Cookie prefix spoofing in CGI::Cookie.parse

A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...

CVSS 7.5 · AI score 7.4 · EPSS 0.00765
Exploits: 1 · References: 4
CNNVD
added 2022/10/11 12:00 a.m. · 2 views

Google Golang security vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hall's Communicating Sequential Processes (CSP), and other languages with a...

CVSS 7.5 · AI score 7 · EPSS 0.00054
Exploits: 0 · References: 18
CNNVD
added 2022/10/11 12:00 a.m. · 3 views

GNU oSIP input validation error vulnerability

GNU oSIP is the GNU Foundation's free software library for VoIP applications that implement lower-level session-initiation protocols. The library contains the minimum code base required for any SIP application and provides enough flexibility to implement any SIP extension or behavior. A security...

CVSS 6.5 · AI score 6.4 · EPSS 0.00224
Exploits: 0 · References: 4
RedHat Linux
added 2022/10/05 10:44 a.m. · 1 view

parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url

A flaw was found in the parse-url package. Affected versions of this package are vulnerable to information exposure due to an improper validation issue...

CVSS 7.5 · AI score 5.7 · EPSS 0.00301
Exploits: 1 · References: 5
OSV
added 2022/10/03 12:00 a.m. · 2 views

OSV-2022-1008 Heap-buffer-overflow in cli_js_parse_done

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52038 Crash type: Heap-buffer-overflow READ 4 Crash state: clijsparsedone clihtmlnormalise htmlnormalisemap...

AI score 7.2
Exploits: 0 · References: 1
Positive Technologies
added 2022/10/03 12:00 a.m. · 5 views

PT-2022-36659 · Git +1 · Haproxy

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash occurs in the parse line function, which is called by readcfgfile in the fuzz cfg parser...

AI score 7
Exploits: 0 · References: 2
CNNVD
added 2022/10/03 12:00 a.m. · 1 view

LIEF security vulnerability

LIEF is a cross-platform library from the individual developer Romain Thomas, used for parsing, modifying and abstracting ELF, PE and MachO formats. A denial of service vulnerability exists in LIEF v0.12.1, which stems from a failure to properly handle incoming error messages in the initandparse...

CVSS 6.5 · AI score 6.6 · EPSS 0.00238
Exploits: 1 · References: 2
GitHub Security Blog
added 2022/10/01 12:00 a.m. · 29 views

css-what vulnerable to ReDoS due to use of insecure regular expression

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service ReDoS due to the use of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 7.5 · AI score 7.4 · EPSS 0.00272
Exploits: 1 · References: 7 · Affected Software: 1
OSV
added 2022/10/01 12:00 a.m. · 24 views

GHSA-P28H-CC7Q-C4FG css-what vulnerable to ReDoS due to use of insecure regular expression

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service ReDoS due to the use of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 7.5 · AI score 7.3 · EPSS 0.00272
Exploits: 1 · References: 7
OSV
added 2022/09/30 5:15 a.m. · 16 views

CVE-2022-21222

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 7.5 · AI score 7.8
Exploits: 0 · References: 3
OSV
added 2022/09/30 5:15 a.m. · 0 views

UBUNTU-CVE-2022-41841

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4File::ParseStream in Core/Ap4File.cpp, which is called from AP4File::AP4File...

CVSS 5.5 · AI score 6 · EPSS 0.00126
Exploits: 1 · References: 3
OSV
added 2022/09/30 5:15 a.m. · 0 views

UBUNTU-CVE-2022-21222

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 7.5 · AI score 5.8 · EPSS 0.00272
Exploits: 1 · References: 5
Cvelist
added 2022/09/30 5:05 a.m. · 19 views

CVE-2022-21222 Regular Expression Denial of Service (ReDoS)

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 5.3 · AI score 7.5 · EPSS 0.00272
Exploits: 1 · References: 3
Debian CVE
added 2022/09/30 5:05 a.m. · 28 views

CVE-2022-21222

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 7.5 · AI score 7.4 · EPSS 0.00272
Exploits: 1
CNNVD
added 2022/09/30 12:00 a.m. · 3 views

Bento4 code issue vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 version 1.6.0-639, which stems from a null pointer dereference in AP4File::ParseStream in Core/Ap4File.cpp. An attacker could exploit the vulnerability to cause a denial of...

CVSS 5.5 · AI score 6.6 · EPSS 0.00126
Exploits: 1 · References: 2
UbuntuCve
added 2022/09/30 12:00 a.m. · 28 views

CVE-2022-21222

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

CVSS 7.5 · AI score 7.1 · EPSS 0.00272
Exploits: 1 · References: 4
Positive Technologies
added 2022/09/29 12:00 a.m. · 1 view

PT-2022-37326 · Git +1 · Fluent-Bit

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 4 crash has been reported. The crash involves the onig node str cat function, and the call stack includes parse exp and parse...

AI score 7
Exploits: 0 · References: 2