Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a stack buffer overrun in the Double Parse routine. An attacker can execute arbitrary code by supplying a specially crafted input that triggers the buffer overrun. Remediation Upgrade...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a stack buffer overrun in the Double Parse routine. An attacker can execute arbitrary code by supplying a specially crafted input that triggers the buffer overrun. Remediation Upgrade...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a stack buffer overrun in the Double Parse routine. An attacker can execute arbitrary code by supplying a specially crafted input that triggers the buffer overrun. Remediation Upgrade...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a stack buffer overrun in the Double Parse routine. An attacker can execute arbitrary code by supplying a specially crafted input that triggers the buffer overrun. Remediation Upgrade...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a stack buffer overrun in the Double Parse routine. An attacker can execute arbitrary code by supplying a specially crafted input that triggers the buffer overrun. Remediation Upgrade...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a stack buffer overrun in the Double Parse routine. An attacker can execute arbitrary code by supplying a specially crafted input that triggers the buffer overrun. Remediation Upgrade...

dotnet: stack buffer overrun in Double Parse

A remote code execution vulnerability exists in .NET 7.0 and .NET 8.0. A stack buffer overrun occurs in the .NET Double Parse routine...

AZL-44562 CVE-2024-4068 affecting package nodejs-nodemon 2.0.3-5

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...

UBUNTU-CVE-2024-4068

The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...

USN-6771-1: SQL parse vulnerability

It was discovered that SQL parse incorrectly handled certain nested lists. An attacker could possibly use this issue to cause a denial of service...

Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : SQL parse vulnerability (USN-6771-1)

The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6771-1 advisory. It was discovered that SQL parse incorrectly handled certain nested lists. An attacker could possibly use this issue to cause a denial of...

RHEL 8 : nodejs-path-parse (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe CVE-2021-23343 Note that Nessus has not...

RHEL 7 : npmjs-url-parse (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - npmjs-url-parse: Improper validation of protocol of the returned URL CVE-2020-8124 Note that Nessus has not tested...

json-path: stack-based buffer overflow in Criteria.parse method

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

OSV-2024-420 Use-of-uninitialized-value in Lexer::Error

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68397 Crash type: Use-of-uninitialized-value Crash state: Lexer::Error ManifestParser::ParseRule ManifestParser::Parse...

PT-2024-40757 · Git +1 · Ninja

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the Lexer::ReadToken function, which is called by...

PT-2024-40756 · Avif · Avif

Name of the Vulnerable Software and Affected Versions: avif affected versions not specified Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the avifSequenceHeaderParse function, which is called by avifDecoderReset and avifDecoderParse...

CVE-2024-2410

The JsonToBinaryStream function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed...

GHSA-MJR4-7XG5-PFVH libxmljs2 type confusion vulnerability when parsing specially crafted XML

libxmljs2 is vulnerable to type confusion when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop and remote code...

PT-2024-25854 · Libxmljs2 · Libxmljs2

Name of the Vulnerable Software and Affected Versions: libxmljs2 affected versions not specified Description: The issue is related to a type confusion vulnerability that occurs when parsing a specially crafted XML. This happens while invoking a function on the result of attrs that was called on a...