Lucene search

6935 matches found

SUSE CVE
added 2024/05/01 3:25 a.m. | views: 1

SUSE CVE-2024-4340

Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...

CVSS 7.5 | AI score 6.9 | EPSS 0.0321
Exploits: 0 | References: 5

RedHat Linux
added 2024/04/30 5:6 p.m. | views: 4

kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c

An information leak vulnerability was found in the Linux kernel's implementation of the Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack, in the l2cap_parse_conf_req function. An attacker with physical access within the range of standard Bluetooth transmission could use thi...

CVSS 6.5 | AI score 6.7 | EPSS 0.00387
Exploits: 0 | References: 5

OSV
added 2024/04/30 3:15 p.m. | views: 1

DEBIAN-CVE-2024-4340

Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...

CVSS 7.5 | AI score 7.2 | EPSS 0.0321
Exploits: 0 | References: 1

OSV
added 2024/04/30 3:15 p.m. | views: 0

UBUNTU-CVE-2024-4340

Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...

CVSS 7.5 | AI score 7.1 | EPSS 0.0321
Exploits: 0 | References: 5

Ubuntu
added 2024/04/30 10:50 a.m. | views: 47

USN-6758-1: JSON5 vulnerability

It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named `__proto__`. An attacker could possibly use this issue to pollute the prototype of the returned object, setting arbitrary or unexpected keys, and cause a denial of service, allow unintended access to network...

CVSS 8.8 | AI score 7 | EPSS 0.09304
Exploits: 1

RedHat Linux
added 2024/04/30 9:57 a.m. | views: 4

kernel: smb: client: fix potential OOBs in smb2_parse_contexts()

A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2_parse_contexts() function. Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts()...

CVSS 8 | AI score 6.8 | EPSS 0.00566
Exploits: 0 | References: 7

RedHat Linux
added 2024/04/30 9:57 a.m. | views: 4

kernel: use-after-free in kv_parse_power_table

A use-after-free flaw was found in kv_parse_power_table in drivers/amd/pm in the Linux kernel. When ps equals NULL, kv_parse_power_table frees adev->pm.dpm.ps. The adev->pm.dpm.ps is used in the loop of kv_dpm_fini after its first free in kv_parse_power_table, causing a use-after-free problem...

CVSS 7.8 | AI score 6.8 | EPSS 0.00291
Exploits: 0 | References: 12

OSV
added 2024/04/30 12:4 a.m. | views: 7

OSV-2024-352 Heap-buffer-overflow in __parse_options

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68156
Crash type: Heap-buffer-overflow READ
Crash state: __parse_options __parse_options __parse_options...

AI score 7.2
Exploits: 0 | References: 1

CNNVD
added 2024/04/30 12:0 a.m. | views: 1

sqlparse security vulnerability

sqlparse is Python's non-validating SQL parser. It provides support for parsing, splitting, and formatting SQL statements. A security vulnerability exists in sqlparse that stems from an application passing a nested list to sqlparse.parse, resulting in a denial of service...

CVSS 7.5 | AI score 8 | EPSS 0.0321
Exploits: 0 | References: 5

OSV
added 2024/04/29 9:15 p.m. | views: 1

UBUNTU-CVE-2023-46566

Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class...

CVSS 7.5 | AI score 7.1 | EPSS 0.00683
Exploits: 0 | References: 3

RedHat Linux
added 2024/04/29 12:0 p.m. | views: 1

golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...

CVSS 7.5 | AI score 6.6 | EPSS 0.01428
Exploits: 0 | References: 6

CVE
added 2024/04/29 12:0 a.m. | views: 54

CVE-2023-46566

msoulier tftpy is affected by a Buffer Overflow in the parse function of the TftpPacketFactory class. Root cause: inadequate input validation leads to remote denial of service. Impact: remote attacker over the network can cause a DoS; no patch/version details are provided in the supplied document...

CVSS 7.5 | AI score 6.8 | EPSS 0.00683
Exploits: 0 | References: 1

CNNVD
added 2024/04/29 12:0 a.m. | views: 4

Open Networking Foundation ONOS security vulnerability

Open Networking Foundation ONOS is an open source SDN controller from the Open Networking Foundation. It is used to build next-generation SDN/NFV solutions. A security vulnerability exists in Open Networking Foundation ONOS onos-lib-go version 0.10.25, which stems from an index out-of-boun...

CVSS 8.1 | AI score 6.8 | EPSS 0.00527
Exploits: 1 | References: 2

Positive Technologies
added 2024/04/29 12:0 a.m. | views: 3

PT-2024-13362 · Msoulier · Tftpy

Name of the Vulnerable Software and Affected Versions: msoulier tftpy (affected versions not specified)
Description: A Buffer Overflow issue allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class. This issue can be exploited by a remote attacker,...

CVSS 7.5 | AI score 7.2 | EPSS 0.00683
Exploits: 0 | References: 7

OSV
added 2024/04/26 3:15 p.m. | views: 2

UBUNTU-CVE-2024-33260

Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c...

CVSS 5.1 | AI score 5.8 | EPSS 0.00224
Exploits: 1 | References: 3

CNNVD
added 2024/04/26 12:0 a.m. | views: 2

Jerryscript security vulnerability

JerryScript is a lightweight JavaScript engine from the Jerryscript project. A security vulnerability exists in Jerryscript, which stems from a segmentation violation in the component parser_parse_class in jerry-core/parser/js/js-parser-expr.c...

CVSS 5.1 | AI score 6.8 | EPSS 0.00224
Exploits: 1 | References: 2

BDU FSTEC
added 2024/04/26 12:0 a.m. | views: 2

The vulnerability of the Criteria.parse() function in the Java library JsonPath, which allows an attacker to trigger a service failure

The vulnerability of the Criteria.parse function in the Java JsonPath library is related to a buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.3 | AI score 7 | EPSS 0.0067
Exploits: 1 | References: 6 | Affected Software: 4

RedHat Linux
added 2024/04/25 3:13 p.m. | views: 4

yajl: Memory leak in yajl_tree_parse function

A flaw was found in the yajl library, which exists due to a memory leak within the yajl_tree_parse function. This flaw allows a remote attacker to parse malicious JSON input to cause out-of-memory in the server, causing a crash, resulting in a denial of service attack...

CVSS 6.5 | AI score 6.1 | EPSS 0.01129
Exploits: 1 | References: 4

CNNVD
added 2024/04/25 12:0 a.m. | views: 3

Vyper security vulnerability

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions prior to 0.3.8 through 0.4.0b1, which stems from a false assertion issue in the stmt.parseForrange function...

CVSS 5.3 | AI score 6.8 | EPSS 0.00791
Exploits: 1 | References: 5

Positive Technologies
added 2024/04/23 12:0 a.m. | views: 3

PT-2024-24921 · Conform · Conform

Name of the Vulnerable Software and Affected Versions: Conform versions prior to 1.1.1
Description: Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to...

CVSS 8.6 | AI score 7.2 | EPSS 0.00725
Exploits: 0 | References: 11