Out-of-bounds
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2...
UBUNTU-CVE-2019-14292
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1...
CVE-2019-14293
Xpdf 4.01.01 contains an out-of-bounds read in GfxPatchMeshShading::parse (GfxState.cc, typeA!=6 case 2). Several sources consolidate this as a vulnerability that can lead to denial of service. The connected documents confirm the affected component and root cause but do not provide any remediatio...
CVE-2019-14292
CVE-2019-14292 affects Xpdf 4.01.01, with an out-of-bounds read in GfxPatchMeshShading::parse in GfxState.cc (typeA != 6, case 1). Exploitation could read beyond bounds, as documented in various advisories; fixes are referenced in later poppler/xpdf patch packages (e.g., SUSE-SU-2023:4362-1 and r...
CVE-2019-14291
Xpdf 4.01.01 contains an out-of-bounds read in GfxPatchMeshShading::parse (GfxState.cc, typeA==6 case 3). The issue is documented across multiple sources (NVD, CNVD, Red Hat, Ubuntu OSV, etc.). Potential impact is a denial of service. The provided documents do not specify a vendor patch or ...
CVE-2019-14290
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2...
Code injection
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later...
Defining Wallarm API-specific Rules
Automatically Detect + Parse and Set Your Own Rules: A unique Wallarm AI feature is its ability to automatically detect and parse complicated API protocols and then set up security rules based on specific data or parameters deep inside the API. Once parsed, the system creates the rules-based both ...
DEBIAN-CVE-2019-1010319
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
ALPINE-CVE-2019-1010317
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
DEBIAN-CVE-2019-1010317
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig caff.c:486. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
DEBIAN-CVE-2019-1010315
WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig dsdiff.c:282. The attack vector is: Maliciously crafted .wav file. The fixed...
ALPINE-CVE-2019-1010319
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
Sensitive Data Exposure in parse-server
Versions of parse-server prior to 3.6.0 could allow an account enumeration attack via account linking. ParseError.ACCOUNT_ALREADY_LINKED (208) was thrown BEFORE the AuthController checks the password and throws a ParseError.SESSION_MISSING (206) for Insufficient auth. An attacker can guess ids and get...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2019-1020013 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2019-1020013 Source advisory: OSV:GHSA-8W3J-G983-8JH5...
GHSA-8W3J-G983-8JH5 Sensitive Data Exposure in parse-server
Versions of parse-server prior to 3.6.0 could allow an account enumeration attack via account linking. ParseError.ACCOUNT_ALREADY_LINKED (208) was thrown BEFORE the AuthController checks the password and throws a ParseError.SESSION_MISSING (206) for Insufficient auth. An attacker can guess ids and get...
UBUNTU-CVE-2019-1010319
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit...
PT-2019-13372 · Cesanta · Mongoose
Name of the Vulnerable Software and Affected Versions: Mongoose version 6.15 Description: The issue is related to a heap-based buffer over-read in the mq parse http function in mongoose.c. Recommendations: For Mongoose version 6.15, at the moment, there is no information about a newer version tha...
CVE-2019-2107
In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...