PT-2020-3603 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.1 WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33 Description: In affected versions of WordPress, some priva...
LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact...
liblouis: Stack-based buffer overflow in compileTranslationTable.c
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440...
LDAP Denial of Service (stack overflow) in
Description: LDAP is encoded as ASN.1, and LDAP filters are defined recursively as Filter ::= CHOICE { and [0] SET OF Filter, or [1] SET OF Filter, not [2] Filter, ... }. This recursion is mirrored in Samba's recursive descent parser, which consumes around 600 bytes of stack per filter sent by the client. In Samb...
CVE-2020-11958
re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme...
Heap overflow
re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme...
UBUNTU-CVE-2020-11958
re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme...
CVE-2020-11958
CVE-2020-11958 affects re2c 1.3. A heap-based buffer overflow in Scanner::fill (parse/scanner.cc) is triggered by a long lexeme. Impact: potential crashes/DoS. Affected component is re2c (dev-util/re2c) 1.3; Gentoo GLSA-202007-28 recommends upgrading to the latest (>= re2c-1.3-r1). NVD data as...
PT-2020-12950 · Re2C +2 · Re2C +2
Name of the Vulnerable Software and Affected Versions: re2c version 1.3 Description: The issue is a heap-based buffer overflow in the Scanner::fill function located in parse/scanner.cc, which can be triggered by a long lexeme. Recommendations: For re2c version 1.3, consider restricting the input...
UBUNTU-CVE-2020-11558
An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes...
PT-2020-2318 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.2 Description: The issue is related to a stack-based out-of-bounds write in the mpol_parse_str function in mm/mempolicy.c due to mishandling of an empty nodelist during mount option parsing. This could...
gettext: double free in default_add_message in read-catalog.c
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt...
python: email.utils.parseaddr wrongly parses email addresses
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To header...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.0.10 Jaeger and Kiali security update
An update for Jaeger and Kiali is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
npmjs-url-parse: Improper validation of protocol of the returned URL
An input validation flaw exists in the node.js-url-parse, which results in the URL being incorrectly set to the document location protocol instead of the URL being passed as an argument. An attacker could use this flaw to bypass security checks on URLs...
Information Disclosure
parse-server is vulnerable to information disclosure. An insecure regular expression parsing of the sessionToken and token$regex variables allows an attacker to discover and retrieve valid accounts, or verify and reset another user's account...