6715 matches found
CVE-2021-3664
An input validation flaw was found in the nodejs url-parse library, which incorrectly parses a URL that contains backslashes. This flaw allows an attacker to specify a relative URL and cause the browser to redirect to a malicious website. The highest threat from this vulnerability is to integrity...
SUSE: Security Advisory (SUSE-SU-2021:2555-1)
The remote host is missing an update for the...
DEBIAN-CVE-2021-25801
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file...
UBUNTU-CVE-2021-25801
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file...
CVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site...
DEBIAN-CVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site...
UBUNTU-CVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site...
VideoLAN VLC Media Player Buffer Error Vulnerability
VideoLAN VLC is an open source cross-platform multimedia player and framework that can play most multimedia files, as well as DVDs, audio CDs, VCDs and various streaming protocols. The __Parse_indx component in VideoLAN VLC version 3.0.11 suffers from a buffer overflow vulnerability that can be...
PT-2021-21304 · Npm +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse (affected versions not specified). Description: The issue concerns URL redirection to untrusted sites. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or othe...
CVE-2021-3664
CVE-2021-3664 affects the url-parse library and enables a URL Redirection to Untrusted Site (Open Redirect) via its URL parsing logic. According to the connected document, the vulnerability is rooted in the url-parse component and has a CVSS v3.1 base score of 5.3 with vector (AV:N/AC:L/PR:N/UI:N...
CVE-2021-3664 Open Redirect in unshiftio/url-parse
url-parse is vulnerable to URL Redirection to Untrusted Site...
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
Moderate: Red Hat Security Advisory: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...
STMicroelectronics STM32Cube Security Vulnerability
The STMicroelectronics STM32Cube is a microcontroller for embedded systems from STMicroelectronics Switzerland. A security vulnerability exists in USBH_ParseCfgDesc in STMicroelectronics STM32Cube Middleware v1.8.0 and earlier versions, which denies service due to a system hang...
STMicroelectronics STM32Cube Buffer Error Vulnerability
The STMicroelectronics STM32Cube is a microcontroller for embedded systems from STMicroelectronics Switzerland. A buffer error vulnerability exists in the USBH_ParseEPDesc function in STMicroelectronics STM32Cube Middleware v1.8.0 and earlier versions, which can be exploited by...
DEBIAN-CVE-2020-36426
An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read of one byte...
CVE-2021-1965
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...