OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

Design/Logic Flaw

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php...

DEBIAN-CVE-2016-6335

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php...

CVE-2016-6331

ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php...

Google gRPC heap buffer overflow vulnerability (CNVD-2017-06015)

gRPC is an open source RPC framework . A heap buffer overflow vulnerability exists in the parseunix function within Google gRPC core/ext/clientchannel/parseaddress.c, which allows remote attackers to exploit the vulnerability to submit a special request to execute arbitrary code...

PT-2017-18028 · Gnome +2 · Libcroco +2

Name of the Vulnerable Software and Affected Versions: libcroco versions 0.6.11 through 0.6.12 Description: The issue is related to an "outside the range of representable values of type long" undefined behavior in the cr tknzr parse rgb function, which could potentially allow remote attackers to...

UBUNTU-CVE-2017-7860

Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parseunix function in core/ext/clientchannel/parseaddress.c...

DEBIAN-CVE-2017-7860

Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parseunix function in core/ext/clientchannel/parseaddress.c...

PT-2017-17955 · Gnu +2 · Gnu Osip +2

Name of the Vulnerable Software and Affected Versions: GNU oSIP versions 4.1.0 through 5.0.0 Description: A malformed SIP message can cause a heap buffer overflow in the msg osip body parse function, leading to a remote denial of service. This issue is related to the osip message parse.c file in...

The vulnerability of the FreeType library, which allows a perpetrator to trigger a service failure or cause other effects

The vulnerability of the parsecharstrings function in the type1/t1load.c file of the FreeType library does not guarantee that the font contains the glyph’s name. This vulnerability arises from reading beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cau...

dlplibs: Stack-buffer-overflow in StarWriterStruct::DatabaseName::read

Detailed report: https://oss-fuzz.com/testcase?key=5177092629069824 Project: dlplibs Fuzzer: libFuzzerdlplibssdwfuzzer Fuzz target binary: sdwfuzzer Job Type: libfuzzerasandlplibs Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 4 Crash Address: 0x7f3a03d7f378 Crash State:...

libplist 'parse_string_node()' function local denial of service vulnerability

libplist is a small portable C library that handles Apple Property List files in binary or XML. A denial of service vulnerability exists in libimobiledevice libplist version 1.12 in the parsestringnode function in bplist.c, which can cause a denial of service memory allocation error by a local us...

wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage

It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...

wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage

It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. The parsecharclass function in regparse.c in the Onigmo aka Oniguruma-mod regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service deep recursion and application...

PT-2017-16760

Name of the Vulnerable Software and Affected Versions YARA version 3.5.0 Description The issue allows remote attackers to cause a denial of service, resulting in a heap-based out-of-bounds read and application crash. This occurs when a crafted rule is mishandled in the yara yyparse function...

DoS caused by infinite recursion (stack overflow) in parse_char_class()

The parsecharclass function in regparse.c in the Onigmo aka Oniguruma-mod regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service deep recursion and application crash via a crafted regular expression...

wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage

It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...

DEBIAN-CVE-2016-10196

Stack-based buffer overflow in the evutilparsesockaddrport function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service segmentation fault via vectors involving a long string in brackets in the ipasstring argument...

ALPINE-CVE-2016-10195

The nameparse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the labellen variable, which triggers an out-of-bounds stack read...