6935 matches found
PT-2024-40416 · Libxml2 +2 · Libxml2 +2
Name of the Vulnerable Software and Affected Versions: Zend Framework 2 affected versions not specified Description: The issue concerns XML Entity Expansion XEE attacks, which can lead to Denial Of Service attacks against a host's RAM. This occurs because there is no current method of disabling...
kernel: cifs: fix underflow in parse_server_interfaces()
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...
kernel: cifs: fix underflow in parse_server_interfaces()
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...
UBUNTU-CVE-2024-23948
Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the...
UBUNTU-CVE-2024-23951
Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the...
dotnet: stack buffer overrun in Double Parse
A remote code execution vulnerability exists in .NET 7.0 and .NET 8.0. A stack buffer overrun occurs in the .NET Double Parse routine...
golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...
dotnet: stack buffer overrun in Double Parse
A remote code execution vulnerability exists in .NET 7.0 and .NET 8.0. A stack buffer overrun occurs in the .NET Double Parse routine...
CVE-2021-47257
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type...
SUSE CVE-2021-47257
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type...
python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
kernel: smb: client: fix potential OOBs in smb2_parse_contexts()
A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2parsecontexts function. Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts...
CVE-2024-29651
A prototype pollution flaw was found in the API Dev Tools json-schema-ref-parser. This flaw allows a remote attacker to cause a denial of service, Cross-site scripting, or arbitrary code via the bundle, parse, resolve, and dereference functions. Mitigation Mitigation for this issue is either not...
DEBIAN-CVE-2021-47395
In the Linux kernel, the following vulnerability has been resolved: mac80211: limit injected vht mcs/nss in ieee80211parsetxradiotap Limit max values for vht mcs and nss in ieee80211parsetxradiotap routine in order to fix the following warning reported by syzbot: WARNING: CPU: 0 PID: 10717 at...
DEBIAN-CVE-2021-47257
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type...
CVE-2021-47257
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type...
UBUNTU-CVE-2021-47257
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type...
CVE-2021-47257 net: ieee802154: fix null deref in parse dev addr
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type...
CVE-2021-47257 net: ieee802154: fix null deref in parse dev addr
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type...
CLSA-2024-1716272110 ncurses: Fix of CVE-2023-50495
CVE-2023-50495: check return value of ncsavestr from upstream patch 20230424, add validity checks in ncparseentry from upstream patch 20170826...