CVE-2018-17848

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in insertionModeStack.pop in node.go, called from inHeadIM, during an html.Parse call...

CVE-2018-17847

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in nodeStack.pop in node.go, called from parser.clearActiveFormattingElements, during an html.Parse call...

Prototype Pollution

merge is vulnerable to prototype pollution. Properties of the Object prototype can be added or modified via JSON.parse, causing a denial of service condition or possibly remote code execution depending on the application...

PT-2018-14220 · Google · X/Net/Html

Name of the Vulnerable Software and Affected Versions: html package aka x/net/html versions through 2018-09-25 Description: The issue arises from the html package mishandling certain HTML tags, such as and , leading to a "panic: runtime error" index out of range during an html.Parse call. This...

PT-2018-14218 · Google · Html

Name of the Vulnerable Software and Affected Versions: html package aka x/net/html through 2018-09-25 Description: The issue arises from the mishandling of specific HTML tags, such as , which can cause an infinite loop during an html.Parse call. This occurs because inSelectIM and inSelectInTableI...

PT-2018-14219 · Google · Html Package

Name of the Vulnerable Software and Affected Versions: html package aka x/net/html versions through 2018-09-25 Description: The issue is related to the html package mishandling certain HTML inputs, such as , leading to a "panic: runtime error" index out of range in nodeStack.pop or...

Design/Logic Flaw

A SIGFPE signal is raised in the function H5Dchunksetinforeal of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207...

CVE-2018-17237

CVE-2018-17237 affects HDF5 1.10.3. A SIGFPE (division by zero) occurs in H5D__chunk_set_info_real() within H5Dchunk.c during parsing of a crafted HDF file, due to insufficient protection against division by zero. Connected sources reference this HDF5 issue alongside related CVEs and note its con...

PoDoFo Information Disclosure Vulnerability

PoDoFo is an open source , written in C++ using the PDF file format library . PoDoFo in the 'PdfEncoding::ParseToUnicode ' function there is an information leakage vulnerability , the vulnerability stems from the program fails to correctly validate the data submitted by the user , an attacker can...

CVE-2018-17143

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call...

CVE-2018-17043

An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parsedoc in parsedoc.cpp...

GHSA-H6H9-PPHV-M266 Topydo Improper Input Validation vulnerability

topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attac...

[SECURITY] Fedora 27 Update: iniparser-4.0-7.20160821git.fc27

iniParser is an ANSI C library to parse "INI-style" files, often used to hold application configuration information...

Contiki-NG Buffer Overflow Vulnerability

Contiki-NG is an open source, cross-platform operating system for next-generation IoT devices. A stack buffer overflow vulnerability exists in the 'parserelations' function in the os/storage/antelope/aql-parser.c file in Contiki-NG 4.1 and earlier versions, which can be exploited by remote...

Memory Leak

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Memory Leak. An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function zzipparserootdirectory in zip.c, which will lead to a denial of service...

UBUNTU-CVE-2018-16548

An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function zzipparserootdirectory in zip.c, which will lead to a denial of service attack...

DEBIAN-CVE-2018-16428

In GNOME GLib 2.56.1, gmarkupparsecontextendparse in gmarkup.c has a NULL pointer dereference...

UBUNTU-CVE-2018-16412

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function...

UBUNTU-CVE-2018-16429

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in gmarkupparsecontextparse in gmarkup.c, related to utf8str...

dlplibs/docfuzzer: Use-of-uninitialized-value in WPSHeader::constructHeader

Detailed report: https://oss-fuzz.com/testcase?key=5691444556201984 Project: dlplibs Fuzzer: libFuzzerdlplibsdocfuzzer Fuzz target binary: docfuzzer Job Type: libfuzzermsandlplibs Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: WPSHeader::constructHeader...