CVE-2020-7071

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filtervar$url, FILTERVALIDATEURL, PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong dat...

CVE-2020-7071

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filtervar$url, FILTERVALIDATEURL, PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong dat...

CVE-2020-7071 FILTER_VALIDATE_URL accepts URLs with invalid userinfo

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filtervar$url, FILTERVALIDATEURL, PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong dat...

PT-2021-3621 · Apache +10 · Apache Tomcat +10

Name of the Vulnerable Software and Affected Versions: python/cpython versions 0 through 3.6.13 python/cpython versions 3.7.0 through 3.7.10 python/cpython versions 3.8.0 through 3.8.8 python/cpython versions 3.9.0 through 3.9.2 Description: The issue is related to Web Cache Poisoning via...

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

CVE-2021-0340

In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

PT-2021-8104 · Htmldoc +4 · Htmldoc +4

Name of the Vulnerable Software and Affected Versions: htmldoc versions 1.9.12 and prior Description: The issue is related to a stack buffer overflow in the parse table function of the ps-pdf.cxx component. This can lead to arbitrary code execution and denial of service, allowing an attacker to...

kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c

A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer causing crashes or triggering the use of incorrect protocol numbers in ctnetlinkparsetuplefilter in net/netfilter/nfconntracknetlink.c. The highest threat from thi...

OSV-2018-288 Use-of-uninitialized-value in jbig2_decode_symbol_dict

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9688 Crash type: Use-of-uninitialized-value Crash state: jbig2decodesymboldict jbig2symboldictionary jbig2parsesegment...

OSV-2018-280 Heap-buffer-overflow in xstrdup

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7931 Crash type: Heap-buffer-overflow READ Crash state: xstrdup ftpparsewinntls wgetftplsfuzzer.c...

OSV-2018-212 Heap-buffer-overflow in token_stream_prepare

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9805 Crash type: Heap-buffer-overflow READ 1 Crash state: tokenstreamprepare parse typedeclparse...

OSV-2018-138 Heap-buffer-overflow in parse_odp_key_mask_attr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11160 Crash type: Heap-buffer-overflow READ 1 Crash state: parseodpkeymaskattr odpflowfromstring parsekeys...

CVE-2020-7071

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filtervar$url, FILTERVALIDATEURL, PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong dat...

CVE-2020-28851

A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...

GNU Binutils Null Pointer Dereference Vulnerability (CNVD-2021-01282)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A null pointer dereference vulnerability exists in bfdpefparsefunctionstubs in bfd/pef.c in versions of GNU Binutils prior to 2.34. An attacker can...

DEBIAN-CVE-2020-35507

There's a flaw in bfdpefparsefunctionstubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability...

kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c

A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer causing crashes or triggering the use of incorrect protocol numbers in ctnetlinkparsetuplefilter in net/netfilter/nfconntracknetlink.c. The highest threat from thi...

parse-server encryption issue vulnerability

parse-server is an open source Backend-as-a-Service BaaS framework , it is mainly used for application back-end processing . A security vulnerability exists in Parse Server versions prior to 4.5.0 that stems from LDAP authentication involving user passwords stored in plaintext. No details of the...

GNU Binutils 代码问题漏洞

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A null pointer dereference vulnerability exists in bfdpefparsesymbols in bfd/pef.c in versions of GNU Binutils prior to 2.34. An attacker can cause...