6714 matches found

OSV
added 2021/03/23 8:15 p.m. · 0 views

UBUNTU-CVE-2020-24994

Stack overflow in the parsetag function in libass/assparse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file...

CVSS 8.8 · AI score 7.7 · EPSS 0.01578
Exploits 0 · References 6

RedhatCVE
added 2021/03/20 11:54 p.m. · 43 views

CVE-2019-9636

It was discovered that Python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...

CVSS 9.8 · AI score 2.5 · EPSS 0.08764
Exploits 0 · References 3

RedhatCVE
added 2021/03/19 5:52 a.m. · 30 views

CVE-2018-3774

A flaw was found in nodejs-url-parse. The wrong hostname can be returned, due to incorrect parsing, which can lead to a variety of vulnerabilities. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 10 · AI score 3.6 · EPSS 0.01747
Exploits 0 · References 2

vulnersOsv
added 2021/03/18 7:39 p.m. · 1 views

@amoy/query-components (>=1.0.0 <=1.0.8), @cortezaproject/corteza-ext-renderer (>=2020.3.0 <=2020.12.0) +46 more potentially affected by CVE-2021-23346 via html-parse-stringify (>=1.0.1 <=1.0.3)

html-parse-stringify NPM version =1.0.1, =1.0.0, =2020.3.0, =2020.3.0-rc.8, =0.3.0, =4.0.0, =2.0.7, =4.0.22, =3.0.4, =14.10.3, =1.0.0, =1.0.0, =6.9.17, =1.0.0, =3.0.0-rc.2 and more Source cves: CVE-2021-23346 Source advisory: OSV:GHSA-545Q-3FG6-48M7...

CVSS 5.3 · AI score 6.7 · EPSS 0.00748
Exploits 1

OSV
added 2021/03/18 7:39 p.m. · 0 views

GHSA-545Q-3FG6-48M7 html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

CVSS 5.3 · AI score 5.9 · EPSS 0.00748
Exploits 1 · References 8

vulnersOsv
added 2021/03/18 7:39 p.m. · 1 views

4talent-questions-shortlist (=1.3.3), @42.nl/ui (>=1.0.7 <=1.0.9) +634 more potentially affected by CVE-2021-23346 via html-parse-stringify2 (>=1.2.1 <=2.0.1)

html-parse-stringify2 NPM version =1.2.1, =1.0.7, =5.0.1, =0.1.0, =1.0.0, =0.2.0-alpha.1, =0.1.2, =0.9.9, =0.9.9, =6.3.0, =3.6.0, =0.3.1, =0.1.0, =0.3.0 and more Source cves: CVE-2021-23346 Source advisory: OSV:GHSA-545Q-3FG6-48M7...

CVSS 5.3 · AI score 6.7 · EPSS 0.00748
Exploits 1

Github Security Blog
added 2021/03/18 7:39 p.m. · 59 views

html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

CVSS 5.3 · AI score 5.8 · EPSS 0.00748
Exploits 1 · References 9 · Affected Software 2

vulnersOsv
added 2021/03/18 12:0 p.m. · 1 views

af-core (>=0.1.0 <=0.1.8), af-lib (=0.1.1) +51 more potentially affected by CVE-2021-1000007 +1 more via parse_duration (>=1.0.3 <=2.1.1)

parse_duration CARGO version =1.0.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.6.2, =0.6.2, =0.6.2, =0.1.0, =0.1.0, =0.3.12, =0.1.0, =0.1.0, =0.3.0 and more Source cves: CVE-2021-1000007, CVE-2021-29932 Source advisory: OSV:RUSTSEC-2021-0041...

CVSS 7.5 · AI score 7.1 · EPSS 0.00389
Exploits 0

Positive Technologies
added 2021/03/08 12:0 a.m. · 1 views

PT-2021-4098 · Libyang +2

Name of the Vulnerable Software and Affected Versions: libyang versions prior to 1.0.225 Description: The issue is related to a stack overflow in the libyang library, which can cause a denial of service. This occurs due to uncontrolled recursion of the lyxml parse elem function when lyxml parse m...

CVSS 7.5 · AI score 7.3 · EPSS 0.00457
Exploits 4 · References 35

Veracode
added 2021/03/05 12:54 a.m. · 20 views

Regular Expression Denial Of Service (ReDoS)

html-parse-stringify2 is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists through the regular expression of tagRE where parsing strings with multiple ' and " can consume a huge amount of CPU resources...

CVSS 5.3 · AI score 3.3 · EPSS 0.00748
Exploits 1 · References 4 · Affected Software 1

OSV
added 2021/03/04 5:15 p.m. · 5 views

CVE-2021-23346

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

CVSS 5.3 · AI score 5.2
Exploits 0 · References 6

NVD
added 2021/03/04 5:15 p.m. · 21 views

CVE-2021-23346

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

CVSS 5.3 · EPSS 0.00748
Exploits 1 · References 6

Cvelist
added 2021/03/04 4:55 p.m. · 23 views

CVE-2021-23346 Regular Expression Denial of Service (ReDoS)

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

CVSS 4.8 · AI score 5.9 · EPSS 0.00748
Exploits 1 · References 6

CVE
added 2021/03/04 4:55 p.m. · 96 views

CVE-2021-23346

CVE-2021-23346 affects Node.js packages html-parse-stringify and html-parse-stringify2. The vulnerability is a Regular Expression DoS (ReDoS) due to backtracking in parsing regex, which can cause the process to freeze and lead to a denial of service. IBM Cloud Pak for Security (CP4S) versions 1...

CVSS 5.3 · AI score 5.4 · EPSS 0.00748
Exploits 1 · References 6 · Affected Software 1

ATTACKERKB
added 2021/03/04 4:50 p.m. · 2 views

CVE-2021-23346

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

CVSS 5.3 · AI score 5.4 · EPSS 0.00748
Exploits 1 · References 7

CNNVD
added 2021/03/04 12:0 a.m. · 2 views

html-parse-stringify security vulnerability

html-parse-stringify is an open source application by Henrik Joreteg. It provides a way to quickly parse HTML into an AST and stringify it to a raw string. A security vulnerability exists in html-parse-stringify before 2.0.1, which stems from the fact that sending certain inputs ma...

CVSS 5.3 · AI score 6.8 · EPSS 0.00748
Exploits 1 · References 8

Snyk
added 2021/03/03 2:46 p.m. · 1 views

Denial of Service (DoS)

Overview: github.com/pires/go-proxyproto is a Go library implementation of the PROXY protocol, versions 1 and 2. Affected versions of this package are vulnerable to Denial of Service (DoS) via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It wi...

CVSS 4.9 · AI score 6.9 · EPSS 0.00573
Exploits 0 · References 2

CNNVD
added 2021/03/02 12:0 a.m. · 3 views

Google Android security vulnerability

Google Android is a Linux-based open source operating system from Google (US) and the Open Handheld Alliance. Google Android suffers from a security vulnerability that stems from an incorrect boundary check in Parseinsh in easmdls.c, which may write out of range. This could lead to the disclosure ...

CVSS 7.8 · AI score 7.7 · EPSS 0.00014
Exploits 0 · References 3

Snyk
added 2021/03/01 4:46 p.m. · 1 views

Regular Expression Denial of Service (ReDoS)

Overview: html-parse-stringify is a https://github.com/henrikjoreteg/html-parse-stringify Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing...

CVSS 5.3 · AI score 6.7 · EPSS 0.00748
Exploits 1 · References 2

vulnersOsv
added 2021/03/01 4:46 p.m. · 0 views

4talent-questions-shortlist (=1.3.3), @42.nl/ui (>=1.0.7 <=1.0.9) +624 more potentially affected by CVE-2021-23346 via html-parse-stringify2 (=2.0.1)

html-parse-stringify2 NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on html-parse-stringify2 and may be impacted: - 4talent-questions-shortlist =1.3.3 - @42.nl/ui =1.0.7, =5.0.1, =0.1.0, =1.0.0, =0.2.0-alpha.1, =0.1.2, =0.9.9, =0.9.9,...

CVSS 5.3 · AI score 6.7 · EPSS 0.00748
Exploits 1