
6935 matches found

Cvelist
added 2024/06/12 12:0 a.m. · 16 views

CVE-2024-36761

naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs...

EPSS 0.00655
Exploits: 1 · References: 2

CVE
added 2024/06/12 12:0 a.m. · 52 views

CVE-2024-36761

CVE-2024-36761 affects naga v0.14.0, with a stack overflow in the WGSL parser component at /wgsl/parse/mod.rs. The CVSSv3.1 data indicates a high-severity, remote‑attack surface (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) with a base score of 9.8. Exploitation details are not provided in the supplied d...

CVSS 9.8 · AI score 7.9 · EPSS 0.00655
Exploits: 1 · References: 2 · Affected Software: 1

Veeam
added 2024/06/12 12:0 a.m. · 16 views

Upgrading Veeam Kasten for Kubernetes Fails With Parse Error

Challenge: When upgrading to Veeam Kasten for Kubernetes 6.5.3 or higher, the upgrade fails with: parse error at k10/templates/v0services.yaml:128: function "continue" not defined. Cause: This issue is related to the Helm binary version that is installed. Solution: To resolve this issue, download the...

AI score 6.9
Exploits: 0

RedHat Linux
added 2024/06/11 7:48 p.m. · 17 views

golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...

CVSS 6.5 · AI score 7.4 · EPSS 0.01156
Exploits: 0 · References: 10

RedHat Linux
added 2024/06/11 5:34 p.m. · 6 views

protobuf-c: unsigned integer overflow in parse_required_member

A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parse_required_member...

CVSS 5.5 · AI score 7.3 · EPSS 0.00366
Exploits: 0 · References: 5

RedHat Linux
added 2024/06/10 6:41 p.m. · 3 views

golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...

CVSS 6.5 · AI score 7.4 · EPSS 0.01156
Exploits: 0 · References: 10

Vulnrichment
added 2024/06/07 2:19 p.m. · 17 views

CVE-2024-37162 zsa Generates Error Messages Containing Sensitive Information

zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine...

CVSS 4 · AI score 6.5 · EPSS 0.00292
Exploits: 0 · References: 2

OSV
added 2024/06/07 2:19 p.m. · 29 views

CVE-2024-37162 zsa Generates Error Messages Containing Sensitive Information

zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine...

CVSS 4 · AI score 5.4 · EPSS 0.00292
Exploits: 0 · References: 4

CVE
added 2024/06/07 2:19 p.m. · 53 views

CVE-2024-37162

CVE-2024-37162 affects the zsa library for Next.js. The vulnerability arises because the application transfers the parse error stack from server to client in production builds, potentially exposing sensitive server information such as machine usernames and directory paths. All users are affected....

CVSS 5.3 · AI score 4.3 · EPSS 0.00292
Exploits: 0 · References: 2 · Affected Software: 1

PyPA
added 2024/06/06 7:15 p.m. · 5 views

PYSEC-2024-118

A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...

CVSS 4.7 · AI score 6.9 · EPSS 0.00301
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2024/06/06 7:15 p.m. · 12 views

PYSEC-2024-118

A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...

CVSS 4.7 · AI score 5.8 · EPSS 0.00301
Exploits: 1 · References: 4

Positive Technologies
added 2024/06/06 12:0 a.m. · 3 views

PT-2024-20313 · Robdns · Robdns

Name of the Vulnerable Software and Affected Versions: robdns version d76d2e6. Description: The issue is related to a NULL pointer dereference via the item-tokens component at /src/conf-parse.c. This occurs in robdns commit d76d2e6. Recommendations: For version d76d2e6, consider applying a patch t...

CVSS 7.5 · AI score 7.2 · EPSS 0.00417
Exploits: 0 · References: 6

CNNVD
added 2024/06/06 12:0 a.m. · 4 views

robdns security breach

robdns is a dns service. A security vulnerability exists in robdns, which was discovered to contain a null pointer dereference vulnerability via the item-tokens component at /src/conf-parse.c. The vulnerability was discovered in the item-tokens component at /src/conf-parse.c...

CVSS 7.5 · AI score 7.1 · EPSS 0.00417
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/06 12:0 a.m. · 4 views

PT-2024-27346 · Zsa · Zsa

Name of the Vulnerable Software and Affected Versions: zsa versions prior to 0.3.3. Description: The zsa application transfers the parse error stack from the server to the client in production build mode, potentially revealing sensitive information about the server environment, such as the machine...

CVSS 6.9 · AI score 6.9 · EPSS 0.00292
Exploits: 0 · References: 8

Tenable Nessus
added 2024/06/03 12:0 a.m. · 25 views

RHEL 7 : jaeger (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - npmjs-url-parse: Improper validation of protocol of the returned URL (CVE-2020-8124). Note that Nessus has not tested...

CVSS 5.3 · AI score 7 · EPSS 0.01652
Exploits: 1 · References: 1

SUSE CVE
added 2024/05/31 3:27 a.m. · 3 views

SUSE CVE-2024-23948

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability concerns the...

CVSS 8.8 · AI score 7 · EPSS 0.00916
Exploits: 0 · References: 3

SUSE CVE
added 2024/05/31 3:27 a.m. · 5 views

SUSE CVE-2024-23950

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability concerns the...

CVSS 8.8 · AI score 7 · EPSS 0.00916
Exploits: 0 · References: 3

RedHat Linux
added 2024/05/30 8:24 p.m. · 7 views

json-path: stack-based buffer overflow in Criteria.parse method

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

CVSS 5.3 · AI score 7.3 · EPSS 0.0067
Exploits: 1 · References: 5

OSV
added 2024/05/30 4:15 p.m. · 2 views

DEBIAN-CVE-2024-36953

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr(). vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which of course may not be valid. If the ID is invalid, kvm_get_vcpu_by_id...

CVSS 5.5 · AI score 5.2 · EPSS 0.00231
Exploits: 0 · References: 1

CNNVD
added 2024/05/30 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which stems from a flaw in the KVM:arm64:vgic-v2 module vgic_v2_parse_attr...

CVSS 5.5 · AI score 6.2 · EPSS 0.00231
Exploits: 0 · References: 8