6707 matches found

vulnersOsv
added 2020/06/15 6:51 p.m., 2 views

ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0), ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0) +5843 more potentially affected by CVE-2012-0881 via xerces:xercesImpl (>=2.10.0 <=2.11.0)

xerces:xercesImpl MAVEN version =2.10.0, =1.0.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =0.2, =5.0.9, =1.0.0, =1.0.1 and more Source cves: CVE-2012-0881 Source advisory: OSV:GHSA-VMQM-G3VH-847M...

CVSS 7.8, AI score 7.1, EPSS 0.02159
Exploits: 0
OSV
added 2020/06/11 3:15 p.m., 1 view

CVE-2020-0171

In Parse_lart of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-127313223...

CVSS 6.5, AI score 7, EPSS 0.00345
Exploits: 0, References: 1
OSV
added 2020/06/11 12:0 a.m., 2 views

UBUNTU-CVE-2020-11937

In whoopsie, parse_report from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1...

CVSS 5.5, AI score 6, EPSS 0.00081
Exploits: 1, References: 4
Github Security Blog
added 2020/06/10 8:27 p.m., 35 views

Prototype Pollution in ini-parser

All versions of ini-parser are vulnerable to prototype pollution. The parse function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently available. Conside...

CVSS 9.8, AI score 5.6, EPSS 0.00234
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2020/06/10 8:27 p.m., 0 views

GHSA-96R7-MRQF-JHCC Prototype Pollution in ini-parser

All versions of ini-parser are vulnerable to prototype pollution. The parse function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently available. Conside...

CVSS 9.8, AI score 5.9, EPSS 0.00234
Exploits: 0, References: 4
RedhatCVE
added 2020/06/09 2:55 p.m., 32 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

CVSS 5, AI score 7.5, EPSS 0.02437
Exploits: 1, References: 3
NVD
added 2020/06/06 4:15 p.m., 17 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

CVSS 7.5, AI score 7.6, EPSS 0.02437
Exploits: 1, References: 10
Prion
added 2020/06/06 4:15 p.m., 19 views

Design/Logic Flaw

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

CVSS 5, AI score 7.4, EPSS 0.02437
Exploits: 1, References: 10, Affected Software: 10
UbuntuCve
added 2020/06/06 4:15 p.m., 27 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

CVSS 7.5, AI score 6.9, EPSS 0.02437
Exploits: 1, References: 4
Cvelist
added 2020/06/06 3:37 p.m., 29 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

AI score 7.5, EPSS 0.02437
Exploits: 1, References: 10
CVE
added 2020/06/06 3:37 p.m., 342 views

CVE-2020-13871

SQLite 3.32.2 is affected by a use-after-free in resetAccumulator (select.c) due to a late parse tree rewrite for window functions. Impact could include a crash or arbitrary code execution. Remediation: upgrade to SQLite 3.32.3 or later (fix upstream).

CVSS 7.5, AI score 7.4, EPSS 0.02437
Exploits: 1, References: 10, Affected Software: 1
Debian CVE
added 2020/06/06 3:37 p.m., 41 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

CVSS 7.5, AI score 7.6, EPSS 0.02437
Exploits: 1
NVD
added 2020/06/02 3:15 p.m., 17 views

CVE-2019-14038

Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVSS 7.1, AI score 7.7, EPSS 0.00043
Exploits: 0, References: 1
Prion
added 2020/06/02 3:15 p.m., 18 views

Buffer overflow

Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVSS 3.6, AI score 7.6, EPSS 0.00043
Exploits: 0, References: 1
Cvelist
added 2020/06/02 3:5 p.m., 19 views

CVE-2019-14038

Buffer over-read in ADSP parse function due to lack of check for availability of sufficient data payload received in command response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

AI score 7.7, EPSS 0.00043
Exploits: 0, References: 1
CVE
added 2020/06/02 3:5 p.m., 53 views

CVE-2019-14038

CVE-2019-14038 is a buffer over-read in the ADSP parse function caused by a missing check for sufficient data payload in a Qualcomm Snapdragon ADSP command response. Affected are Snapdragon products across multiple lines (Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, We...

CVSS 7.1, AI score 7.6, EPSS 0.00043
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2020/05/21 12:0 a.m., 4 views

PT-2020-6913

Name of the Vulnerable Software and Affected Versions: c-ares versions 1.16.1 through 1.17.0. Description: The issue is related to a buffer overflow vulnerability in the ares_parse_soa_reply function of the c-ares library, which handles asynchronous DNS requests. This vulnerability can be exploited ...

CVSS 10, AI score 7.3, EPSS 0.00115
Exploits: 1, References: 37
Positive Technologies
added 2020/05/09 12:0 a.m., 2 views

PT-2020-6929

Name of the Vulnerable Software and Affected Versions: libcroco versions 0.6.13 and earlier. Description: The issue is related to the cr_parser_parse_any_core function in the cr-parser.c component of the libcroco library, which is used for working with Cascading Style Sheets (CSS2). It is associated...

CVSS 8.5, AI score 6.5, EPSS 0.04749
Exploits: 1, References: 58
OSV
added 2020/05/06 7:32 p.m., 23 views

GHSA-RC77-XXQ6-4MFF Command Injection in hot-formula-parser

Versions of hot-formula-parser prior to 3.0.1 are vulnerable to Command Injection. The package fails to sanitize values passed to the parse function and concatenates it in an eval call. If a value of the formula is supplied by user-controlled input it may allow attackers to run arbitrary commands...

CVSS 9.8, AI score 9.7, EPSS 0.00547
Exploits: 0, References: 6
OSV
added 2020/04/30 5:16 p.m., 0 views

GHSA-GQGV-6JQ5-JJJ9 Prototype Pollution Protection Bypass in qs

Affected versions of qs are vulnerable to Prototype Pollution because it is possible to bypass the protection. The qs.parse function fails to properly prevent an object's prototype from being altered when parsing arbitrary input. Input containing or may bypass the prototype pollution protection and alt...

CVSS 7.5, AI score 7.2, EPSS 0.00808
Exploits: 0, References: 7