PT-2024-32465 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 6.5.9 Parse Server versions prior to 7.3.0 Description: The issue arises when the Parse Server option allowCustomObjectId: true is set, allowing an attacker to create a new user with a custom object ID that...

webob: WebOb's location header normalization during redirect leads to open redirect

A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...

ROS-20241001-10

A vulnerability in the Parse function of the Go programming language is related to uncontrolled recursion. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of service. A vulnerability in the Decoder.Decode function of the Go programming language is...

Important: golang

Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...

PT-2024-40586 · Git +1 · Readstat

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read crash has been reported. The crash occurs in the following functions: extract mr data, parse mr string, and readstat parse sa...

CVE-2024-41445

Library MDF mdflib v2.1 is vulnerable to a heap-based buffer overread via a crafted mdf4 file is parsed using the ReadData function...

kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

A vulnerability was found in the Linux kernel's amdgpu driver in the amdgpuvceringparsecs function where the size variable is initialized with a pointer that may not be properly set before use. This issue could lead to unpredictable behavior in the system...

libexpat: Negative Length Parsing Vulnerability in libexpat

A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XMLParseBuffer function...

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

The vulnerability of the parse_table() function in the ps-pdf.cxx component of the HTMLDOC document conversion tool allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the parsetable function in the ps-pdf.cxx component of the HTMLDOC conversion tool is related to writing beyond buffer boundaries. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

PT-2024-41023 · Oracle · Java Xml

Name of the Vulnerable Software and Affected Versions: Java XML affected versions not specified Description: The issue is related to a security exception in the Java XML library. A crash occurs in the DOM2TO.parse function, which is part of the com.sun.org.apache.xalan.internal.xsltc.trax package...

libexpat: Negative Length Parsing Vulnerability in libexpat

A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XMLParseBuffer function...

DEBIAN-CVE-2024-46743

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When ofirqparseraw is invoked with a device address smaller than the interrupt parent node from address-cells property, KASAN detects the following...

AZL-49421 CVE-2024-46742 affecting package kernel for versions less than 5.15.182.1-1

In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of leasectxinfo in smb2open null-ptr-deref will occur when reqoplevel == SMB2OPLOCKLEVELLEASE and parseleasestate return NULL. Fix this by check if 'leasectxinfo' is NULL. Additionally,...

CLSA-2024-1726608591 expat: Fix of 3 CVEs

CVE-2024-45490: Reject negative length for XMLParseBuffer in xmlparse.c - CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms - CVE-2024-45492: Detect integer overflow in nextScaffoldPart on 32-bit platforms...

CVE-2024-45490

...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.23 (SUSE-SU-2024:3214-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3214-1 advisory. - Update go v1.23.1 - CVE-2024-34155: Fixed stack exhaustion in all Parse functions. bsc1230252 ...

The vulnerability of the `cv::XMLParser::parse` function in the `modules/core/src/persistence.cpp` file of the OpenCV library, a open-source computer vision and image processing software, relates to pointer dereferencing errors. This vulnerability allows attackers to trigger a service denial.

The vulnerability of the cv::XMLParser::parse function in the modules/core/src/persistence.cpp file of the OpenCV library, which is used for computer vision, image processing, and general numerical algorithms, is related to pointer dereferencing errors. Exploiting this vulnerability could allow a...

The vulnerability of the Parse function in the Go programming language, which allows a hacker to trigger a service failure

The vulnerability of the Parse function in the Go programming language is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...