6717 matches found
CVE-2022-36647
PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parsesequenceheader at source/common/header.cc:269...
Aced - Tool to parse and resolve a single targeted Active Directory principal's DACL
Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDs of the inbound permissions, and present that data to the operator. Additionally, the logging...
PT-2022-23527 · Unknown · Pkuvcl Davs2
Name of the Vulnerable Software and Affected Versions: PKUVCL davs2 version 1.6.205 Description: A global buffer overflow was discovered in the parse sequence header function at source/common/header.cc:269. This issue affects the specified version of PKUVCL davs2. Recommendations: For PKUVCL davs...
PKUVCL davs2 Security Vulnerability
davs2 is an open source decoder for AVS2-P2/IEEE1857.4 video coding standard open source by PKUVCL in China. A security vulnerability exists in PKUVCL davs2 v1.6.205, which stems from a global buffer overflow in the parsesequenceheader function in its source/common/header.cc:269 component...
DEBIAN-CVE-2020-35535
In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF" function libraw\src\metadata\sony.cpp when processing srf files...
mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations...
PT-2022-8938 · Libraw · Libraw
Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is an out-of-bounds read vulnerability within the LibRaw::parseSonySRF function when processing srf files. This occurs in the file libraw\src\metadata\sony.cpp. Recommendations: At th...
DEBIAN-CVE-2022-37049
The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parsempls at common/get.c:150. NOTE: this is different from CVE-2022-27942...
CVE-2022-37768
libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer...
CVE-2022-37049
The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parsempls at common/get.c:150. NOTE: this is different from CVE-2022-27942...
UBUNTU-CVE-2022-37768
libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer...
golang: go/parser: stack exhaustion in all Parse* functions
A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...
Appneta Tcpreplay Buffer Error Vulnerability
Appneta Tcpreplay is a suite of open source utilities for editing and replaying network traffic on UNIX-based operating systems from Appneta, Inc. A security vulnerability exists in Tcpreplay version v4.4.1, which stems from a heap-based buffer overflow contained in parsempls in common/get.c:150 ...
libjpeg Security Vulnerability
libjpeg is a C language library for processing JPEG format image data. It includes JPEG decoding, JPEG encoding, and other JPEG functions. A security vulnerability exists in libjpeg commit number: 281daa9 that stems from an infinite loop in its Frame::ParseTrailer component...
Remote Code Execution
react-editable-json-tree is vulnerable to remote code execution. The vulnerability exists in onSubmitValueParser prop which calls parse function in src/utils/parse.js because of missing sanitization of the parse parameters which allows a remote attacker to inject and execute malicious code into th...
CVE-2022-36010 Arbitrary code execution via function parsing in react-editable-json-tree
This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, JavaScript's eval function is used to execute strings that begin with "function" as JavaScript. This unfortunately could allow arbitrary code to be executed if it exists as ...
Microsoft Windows Parse Server Prototype Pollution (CVE-2022-24760)
A prototype pollution vulnerability exists in Microsoft Windows Parse Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2022-1962
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...
Design/Logic Flaw
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...