6705 matches found
GHSA-H6H9-PPHV-M266 Topydo Improper Input Validation vulnerability
topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attac...
[SECURITY] Fedora 27 Update: iniparser-4.0-7.20160821git.fc27
iniParser is an ANSI C library to parse "INI-style" files, often used to hold application configuration information...
Contiki-NG Buffer Overflow Vulnerability
Contiki-NG is an open source, cross-platform operating system for next-generation IoT devices. A stack buffer overflow vulnerability exists in the 'parserelations' function in the os/storage/antelope/aql-parser.c file in Contiki-NG 4.1 and earlier versions, which can be exploited by remote...
Memory Leak
Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to Memory Leak. An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service...
UBUNTU-CVE-2018-16548
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack...
DEBIAN-CVE-2018-16428
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse in gmarkup.c has a NULL pointer dereference...
UBUNTU-CVE-2018-16412
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function...
UBUNTU-CVE-2018-16429
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse in gmarkup.c, related to utf8_str...
dlplibs/docfuzzer: Use-of-uninitialized-value in WPSHeader::constructHeader
Detailed report: https://oss-fuzz.com/testcase?key=5691444556201984 Project: dlplibs Fuzzer: libFuzzerdlplibsdocfuzzer Fuzz target binary: docfuzzer Job Type: libfuzzermsandlplibs Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: WPSHeader::constructHeader...
CVE-2018-15671
An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5Pgetcb in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service...
@afshin/custom404-extension (>=0.1.1 <=0.1.3), @apache-royale/cli (>=0.1.0 <=0.2.2) +443 more potentially affected by CVE-2018-3774 via url-parse (>=1.0.2 <=1.4.1)
url-parse NPM version =1.0.2, =0.1.1, =0.1.0, =0.0.1, =0.1.0, =0.1.1, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =1.1.1, =2.0.0, =2.0.0, =4.1.0 - @datalayer/jupyterlab-hub-extension =0.8.1 and more Source cves: CVE-2018-3774 Source advisory: OSV:GHSA-PV4C-P2J5-38J4...
Open Redirect in url-parse
Versions of url-parse before 1.4.3 return the wrong hostname, which could lead to Open Redirect, Server Side Request Forgery (SSRF), or Bypass Authentication Protocol vulnerabilities. Recommendation: Update to version 1.4.3 or later...
Design/Logic Flaw
Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
CVE-2018-3774
Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
DEBIAN-CVE-2018-3774
Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
CVE-2018-3774
CVE-2018-3774 affects the url-parse library prior to 1.4.3 and stems from incorrect hostname parsing. This can enable SSRF, open redirect, and potential bypass of authentication in affected workflows that rely on url-parse for URL handling. Exploitation scenarios include misparsing hosts in URLs ...
PT-2018-16192 · Npm +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.4.3. Description: The issue is related to incorrect parsing in url-parse, which returns the wrong hostname. This can lead to multiple vulnerabilities, including Server Side Request Forgery (SSRF), Open Redirect, and...