Integer overflow

buildmodel in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

CVE-2022-22823

buildmodel in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

@abi-software/flatmap-viewer (>=1.0.2 <=2.1.0-beta.1), @abi-software/flatmapvuer (>=0.1.0 <=0.1.33-beta-1) +852 more potentially affected by CVE-2021-23490 via parse-link-header (>=0.1.0 <=1.0.1)

parse-link-header NPM version =0.1.0, =1.0.2, =0.1.0, =1.1.0, =2.0.0, =0.1.0, =0.1.0, =1.5.1, =1.1.0, =1.1.0, =0.1.0, =1.5.1, =0.2.0, =1.5.1, =2.0.0-alpha.1, =2.0.0-alpha.11 and more Source cves: CVE-2021-23490 Source advisory: OSV:GHSA-Q674-XM3X-2926...

Improper Validation and Sanitization in url-parse

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...

GHSA-46C4-8WRP-J99V Improper Validation and Sanitization in url-parse

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...

0x-relayer-cat (>=0.0.3 <=0.0.10), @0x-klaytn/asset-swapper (>=4.2.1 <=4.2.2) +724 more potentially affected by CVE-2020-8124 via url-parse (>=0.1.5 <=1.4.4)

url-parse NPM version =0.1.5, =0.0.3, =4.2.1, =2.1.0-beta.4, =5.0.0-beta, =0.1.0-beta.2, =0.0.1, =0.1.1, =0.0.1, =0.1.0, =0.0.0-4, =0.0.1, =1.2.5, =1.5.0, =0.1.0, =0.1.7 and more Source cves: CVE-2020-8124 Source advisory: OSV:GHSA-46C4-8WRP-J99V...

AZL-7110 CVE-2021-41817 affecting package ruby for versions less than 3.1.2-2

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...

DEBIAN-CVE-2021-41817

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...

CVE-2021-23490

The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the checkHeader function...

Design/Logic Flaw

The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the checkHeader function...

CVE-2021-23490

CVE-2021-23490 affects the npm package parse-link-header . The issue is a Regular Expression Denial of Service (ReDoS) triggered by the checkHeader function in versions prior to 2.0.0 . Reported impact is CPU exhaustion that can degrade service or cause a denial of service. Remediation : upgrade ...

PT-2021-15535 · Unknown · Parse-Link-Header

Name of the Vulnerable Software and Affected Versions: parse-link-header versions prior to 2.0.0 Description: The issue concerns a Regular Expression Denial of Service ReDoS that can be triggered via the checkHeader function. This can lead to a denial of service. Recommendations: For versions pri...

parse-link-header 安全漏洞

parse-link-header parses the link header and returns paging information for each contained link. A security vulnerability exists in parse-link-header version 2.0.0 and earlier, which stems from the checkHeader function being vulnerable to a regular expression denial of service attack...

Cross-site Scripting (XSS)

ajaxnetprofessional is vulnerable to cross-site scripting attacks. The vulnerability exists due to lack of input validation in parse function of AjaxPro/core.js in when parsing json input which allows a malicious attacker to inject and execute arbitrary javascript...

UBUNTU-CVE-2021-44921

A null pointer dereference vulnerability exists in gpac 1.1.0 in the gfisomparsemovieboxesinternal function, which causes a segmentation fault and application crash...

Command Injection in parse-community/parse-server

Description This is a Remote Code Execution vulnerability in the Parse Server. This vulnerability affects the Parse Server in the default configuration with MongoDB, probably a similar attack can affect the PostgreSQL storage as well. The main weakness that leads to RCE is the Prototype Pollution...

Regular Expression Denial of Service (ReDoS)

Overview parse-link-header is a package that parses a link header and returns paging information for each contained link. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the checkHeader function. PoC var parse = require'parse-link-header'; const...

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c which will lead to a denial of service attack.

...

Denial Of Service (DoS)

radare2 is vulnerable to denial of service. The vulnerability exists due to a double free vulnerability in the pyc parse which allows an attacker to crash the application via malicious input...