
6706 matches found

OSV
added 2019/05/01 6:29 p.m. · 0 views

UBUNTU-CVE-2019-11640

An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function recfexparsestrsimple at rec-fex.c in librec.a...

8.8 CVSS · 7.5 AI score · 0.00201 EPSS
Exploits 1 · References 5
Positive Technologies
added 2019/04/23 12:0 a.m. · 2 views

PT-2019-10260 · Sass +2 · Libsass +2

Name of the Vulnerable Software and Affected Versions: LibSass versions 3.5.5 and earlier Description: The parsing component in LibSass allows attackers to cause a denial-of-service due to uncontrolled recursion in Sass::Parser::parse css variable value in parser.cpp. Recommendations: For LibSass...

9.8 CVSS · 6.2 AI score · 0.03149 EPSS
Exploits 17 · References 90
Prion
added 2019/04/04 4:29 p.m. · 9 views

Authentication flaw

XXE issue in Airsonic before 10.1.2 during parse...

7.5 CVSS · 9.4 AI score · 0.00363 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2019/04/04 3:48 p.m. · 10 views

CVE-2018-20222

XXE issue in Airsonic before 10.1.2 during parse...

9.5 AI score · 0.00363 EPSS
Exploits 0 · References 2
Positive Technologies
added 2019/04/04 12:0 a.m. · 1 views

PT-2019-8748 · Open Information Security Foundation · Suricata

Name of the Vulnerable Software and Affected Versions: Suricata version 4.0.4 Description: The issue arises from incorrect handling of the SSH banner parsing in Suricata. A malformed SSH banner can cause the parsing code to read beyond the allocated data due to the lack of a length check in the...

9.8 CVSS · 8.8 AI score · 0.00822 EPSS
Exploits 0 · References 15
Fedora
added 2019/03/29 2:59 a.m. · 49 views

[SECURITY] Fedora 29 Update: podofo-0.9.6-6.fc29

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

9.8 CVSS · 2.1 AI score · 0.00508 EPSS
Exploits 7
OSV
added 2019/03/08 9:29 p.m. · 0 views

DEBIAN-CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are:...

9.8 CVSS · 8.4 AI score · 0.08764 EPSS
Exploits 0 · References 1
OSV
added 2019/03/08 9:29 p.m. · 3 views

ALPINE-CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are:...

9.8 CVSS · 8.7 AI score · 0.08764 EPSS
Exploits 0 · References 1
OSV
added 2019/03/07 11:29 p.m. · 0 views

UBUNTU-CVE-2018-17419

An issue was discovered in setTA in scanrr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone parsing error causes a segmentation violation, leading to denial of service...

7.5 CVSS · 5.8 AI score · 0.00386 EPSS
Exploits 1 · References 4
Positive Technologies
added 2019/03/06 12:0 a.m. · 3 views

PT-2019-4598 · Python +8 · Python +8

Name of the Vulnerable Software and Affected Versions: Python versions 2.7.x through 2.7.16 and 3.x through 3.7.2 Description: The issue is related to improper handling of Unicode encoding during NFKC normalization, which can lead to information disclosure, including credentials and cookies cache...

10 CVSS · 6.5 AI score · 0.90232 EPSS
Exploits 122 · References 994
OSV
added 2019/02/26 2:29 a.m. · 0 views

UBUNTU-CVE-2009-5155

In the GNU C Library aka glibc or libc6 before 2.28, parseregexp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service assertion failure and application exit or trigger an incorrect result by attempting a regular-expression match...

7.5 CVSS · 6.7 AI score · 0.01348 EPSS
Exploits 1 · References 3
OSV
added 2019/02/22 12:0 a.m. · 1 views

UBUNTU-CVE-2019-9021

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the...

9.8 CVSS · 6.8 AI score · 0.25106 EPSS
Exploits 1 · References 4
OSV
added 2019/02/20 6:29 p.m. · 0 views

DEBIAN-CVE-2018-5819

An error within the "parsesinaria" function internal/dcrawcommon.cpp within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources...

7.5 CVSS · 7.5 AI score · 0.00887 EPSS
Exploits 0 · References 1
OSV
added 2019/02/20 6:29 p.m. · 1 views

DEBIAN-CVE-2018-5818

An error within the "parserollei" function internal/dcrawcommon.cpp within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop...

7.5 CVSS · 7.5 AI score · 0.01174 EPSS
Exploits 0 · References 1
OSV
added 2019/02/20 12:0 a.m. · 0 views

UBUNTU-CVE-2018-5819

An error within the "parsesinaria" function internal/dcrawcommon.cpp within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources...

7.5 CVSS · 6.7 AI score · 0.00887 EPSS
Exploits 0 · References 4
Fedora
added 2019/02/18 2:5 a.m. · 27 views

[SECURITY] Fedora 29 Update: podofo-0.9.6-5.fc29

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

8.8 CVSS · 2.1 AI score · 0.00498 EPSS
Exploits 6
Hacker One
added 2019/02/14 10:41 p.m. · 30 views

Node.js third-party modules: [url-parse] Improper Validation and Sanitization

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report Improper...

5 CVSS · 0.7 AI score · 0.00315 EPSS
Exploits 1
Kitploit
added 2019/02/12 12:39 p.m. · 124 views

UEFI Firmware Parser - Parse BIOS/Intel ME/UEFI Firmware Related Structures: Volumes, FileSystems, Files, Etc

The UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other formats too. Please use the example scripts for parsing tutorials. Installation This module is includ...

7.1 AI score
Exploits 0 · References 1
Snyk
added 2019/02/02 1:16 p.m. · 1 views

Arbitrary Command Execution

Overview pyxdg contains implementations of freedesktop.org standards in python. Affected versions of this package are vulnerable to Arbitrary Command Execution via the xdg.Menu.parse function. When it is possible to craft an evil menu file with a Category node containing Python injected code. The...

7.5 CVSS · 7.1 AI score · 0.00609 EPSS
Exploits 1 · References 2
Mageia
added 2019/01/23 3:50 p.m. · 33 views

Updated perl-Email-Address package fixes security vulnerability

The parse method in the Email::Address module through 1.912 for Perl can consume a large amount of resources on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters "\f" CVE-2018-12558...

7.5 CVSS · 4.6 AI score · 0.00492 EPSS
Exploits 0 · References 2