6715 matches found

CNNVD
added 2021/05/04 12:0 a.m. · 1 view

npm path-parse Security Vulnerability

npm path-parse is an application plugin from the United States npm. It provides a path-parse function. A security vulnerability exists in path-parse, which originates from a Regular Expression Denial of Service (ReDoS) attack via the splitDeviceRe, splitTailRe, and splitPathRe regular expressions...

CVSS 7.5 · AI score 7 · EPSS 0.00506
Exploits: 1 · References: 28

CNNVD
added 2021/05/04 12:0 a.m. · 1 view

Exim Buffer Error Vulnerability

Exim was developed at Cambridge University as a Message Transfer Agent (MTA) for Unix systems connected to the Internet. A heap buffer overflow vulnerability exists in Exim in parsefixphrase, which stems from interpreting negative sizes in strncpy, and can be exploited by an attacker to elevate...

CVSS 7.8 · AI score 5.9 · EPSS 0.00049
Exploits: 1 · References: 7

Veracode
added 2021/04/29 12:41 p.m. · 17 views

Arbitrary Code Execution

re2c is vulnerable to arbitrary code execution. A heap-based buffer overflow in Scanner::fill in parse/scanner.cc allows an attacker to execute arbitrary code on the host OS via a malicious lexeme...

CVSS 7.8 · AI score 5.1 · EPSS 0.00462
Exploits: 0 · References: 11 · Affected Software: 1

Positive Technologies
added 2021/04/29 12:0 a.m. · 3 views

PT-2021-19559 · Cesanta · Mongooseos Mjs

Name of the Vulnerable Software and Affected Versions: Cesanta MongooseOS mJS version 1.26 Description: A maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs json parse, potentially leading to redirection of control flow. The original reporter disputes the...

CVSS 9.8 · AI score 7.5 · EPSS 0.00611
Exploits: 1 · References: 8

Positive Technologies
added 2021/04/23 12:0 a.m. · 2 views

PT-2024-11264 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A logic error in the Linux kernel could result in a null dereference if the user sets the mode incorrectly for the given address type. This issue is related to the net: ieee802154...

CVSS 9.8 · AI score 6.5 · EPSS 0.00449
Exploits: 6 · References: 1066

OSV
added 2021/04/19 8:15 p.m. · 1 view

DEBIAN-CVE-2021-30014

There is an integer overflow in mediatools/avparsers.c in the hevcparseslicesegment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash...

CVSS 5.5 · AI score 6.5 · EPSS 0.00096
Exploits: 1 · References: 1

OSV
added 2021/04/19 8:15 p.m. · 1 view

UBUNTU-CVE-2021-30014

There is an integer overflow in mediatools/avparsers.c in the hevcparseslicesegment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash...

CVSS 5.5 · AI score 6.8 · EPSS 0.00096
Exploits: 1 · References: 4

Cvelist
added 2021/04/19 7:34 p.m. · 14 views

CVE-2021-30014

There is an integer overflow in mediatools/avparsers.c in the hevcparseslicesegment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash...

AI score 5.9 · EPSS 0.00096
Exploits: 1 · References: 3

OpenVAS
added 2021/04/19 12:0 a.m. · 25 views

SUSE: Security Advisory (SUSE-SU-2017:1445-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.3 · AI score 7.2 · EPSS 0.03192
Exploits: 2 · References: 4

Positive Technologies
added 2021/04/18 12:0 a.m. · 4 views

PT-2022-2220

Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.10.0b1; Python versions prior to 3.9.5; Python versions prior to 3.8.11; Python versions prior to 3.7.11; Python versions prior to 3.6.14. Description: The issue involves the urllib.parse module in Python, which does not...

CVSS 10 · AI score 8.7 · EPSS 0.94053
Exploits: 155 · References: 425

OSV
added 2021/04/16 6:15 p.m. · 1 view

DEBIAN-CVE-2021-31348

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure)...

CVSS 6.5 · AI score 6.3 · EPSS 0.00858
Exploits: 1 · References: 1

OSV
added 2021/04/13 7:15 p.m. · 1 view

CVE-2021-0427

In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVSS 7.8 · AI score 6.2 · EPSS 0.00016
Exploits: 0 · References: 1

OSV
added 2021/04/07 11:2 a.m. · 1 view

OESA-2021-1125 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 5.9 · AI score 6.4 · EPSS 0.003
Exploits: 1 · References: 2

OSV
added 2021/04/06 1:15 p.m. · 1 view

CVE-2021-27698

RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrcrplcontrolmessages.c through the parseoptions function...

CVSS 9.8 · AI score 7.6 · EPSS 0.00459
Exploits: 0 · References: 1

CNNVD
added 2021/04/06 12:0 a.m. · 2 views

RIOT RIOT-OS Security Vulnerability

RIOT is a real-time multi-threaded IoT operating system that supports a range of devices commonly found in the Internet of Things. A buffer overflow vulnerability exists in the parseoptions function in /sys/net/gnrc/routing/rpl/gnrcrplcontrolmessages.c in RIOT version 2021.01. No detailed...

CVSS 9.8 · AI score 5.9 · EPSS 0.00459
Exploits: 0 · References: 2

Positive Technologies
added 2021/04/05 12:0 a.m. · 1 view

PT-2021-8037 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the validation of UDP retransmission in the Linux kernel's NFS module. Specifically, it concerns the xprt calc majortimeo function, where a shift out-of-bounds...

CVSS 7.1 · AI score 8.3 · EPSS 0.00035
Exploits: 0 · References: 18

OSV
added 2021/04/01 5:15 a.m. · 1 view

CVE-2021-29932

An issue was discovered in the parseduration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

Veracode
added 2021/03/31 2:55 a.m. · 10 views

Remote Code Execution (RCE)

@thi.ng/egf is vulnerable to remote code execution. The vulnerability exists due to EGF parse function attempting to decrypt values...

CVSS 8.8 · AI score 5.5 · EPSS 0.01082
Exploits: 0 · References: 5 · Affected Software: 1

Prion
added 2021/03/30 6:15 p.m. · 10 views

Design/Logic Flaw

Potential for arbitrary code execution in npm package @thi.ng/egf gpg-tagged property values (only if the decrypt: true option is enabled). PR with patch has been submitted and has been released as of v0.4.0. By default the EGF parse functions do NOT attempt to decrypt values since GPG only availab...

CVSS 6.5 · AI score 9 · EPSS 0.01082
Exploits: 0 · References: 4 · Affected Software: 1

vulnersOsv
added 2021/03/29 9:32 p.m. · 2 views

7ghost (>=4.11.0 <=4.11.46), @0x18b2ee/parse-server (>=3.10.1 <=3.11.0) +2865 more potentially affected by CVE-2021-28918 +1 more via netmask (>=0.0.2 <=1.0.6)

netmask NPM version =0.0.2, =4.11.0, =3.10.1, =0.1.0, =0.1.0, =1.6.1, =0.0.1, =2.0.0, =0.0.9, =0.0.175, =0.0.81, =2.0.0, =0.9.17, =1.0.5 and more Source cves: CVE-2021-28918, CVE-2021-29418 Source advisory: OSV:GHSA-PCH5-WHG9-QR2R...

CVSS 9.1 · AI score 6.8 · EPSS 0.85896
Exploits: 1