OESA-2024-1481 llvm security update

LLVM is a compiler infrastructure designed for compile-time, link-time, runtime, and idle-time optimization of programs from arbitrary programming languages. Security Fixes: LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata function via a crafted pdflatex.fmt file or perhaps a...

SUSE CVE-2024-26828

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...

DEBIAN-CVE-2024-26828

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...

UBUNTU-CVE-2024-26828

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...

CVE-2024-26828 cifs: fix underflow in parse_server_interfaces()

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a parseserverinterfaces buffer underflow...

CVE-2024-22262

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...

GHSA-2M57-HF25-PHGG sqlparse parsing heavily nested list leads to Denial of Service

Summary Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. Details + PoC Running the following code will raise Maximum recursion limit exceeded exception: py import sqlparse sqlparse.parse'' 10000 + '' 10000 We expect a traceback of RecursionError:...

PT-2024-10474 · Pypi +4 · Sqlparse +4

Name of the Vulnerable Software and Affected Versions: sqlparse affected versions not specified Description: The issue is related to the sqlparse.parse function, which can lead to a Denial of Service due to a RecursionError when processing a heavily nested list. This can be exploited by a remote...

OESA-2024-1432 golang security update

The Go Programming Language. Security Fixes: The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...

CVE-2024-23082

ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a...

CVE-2024-23082

ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a...

UBUNTU-CVE-2024-23082

DISPUTED ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence o...

ThreeTen backport project 安全漏洞

ThreeTen backport project is a simple backport for ThreeTen open source. A security vulnerability exists in ThreeTen backport project version v1.6.8, which stems from a null pointer exception contained in the component org. Threeten.bp.format.DateTimeFormatter parseCharSequence, ParsePosition...

CVE-2024-23082

CVE-2024-23082 concerns ThreeTen Backport v1.6.8, with an integer overflow in DateTimeFormatter.parse(CharSequence, ParsePosition). Multiple sources dispute the vulnerability’s existence; no solid public exploit details are provided in the documents. Red Hat/IBM postings flag a potential denial-o...

PT-2024-19661 · Unknown · Threeten Backport

Name of the Vulnerable Software and Affected Versions: ThreeTen Backport version 1.6.8 Description: The issue is related to an integer overflow in the org.threeten.bp.format.DateTimeFormatter::parseCharSequence, ParsePosition component. However, it is noted that the existence of this issue is...

Google Pixel 安全漏洞

Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a missing null check in the asn1ecpkeyparsep384 module of the asn1common.c file, which could lead to out-of-bounds reads...

The vulnerability of the gf_mpd_parse_string function (media_tools/mpd.c:75) in the multimedia platform GPAC allows a hacker to cause a service failure.

The vulnerability of the gfmpdparsestring function mediatools/mpd.c:75 in the GPAC multimedia platform is related to the lack of memory release after the effective lifespan has ended. Exploiting this vulnerability could allow an attacker to cause a service failure...

ROS-20240402-05

Vulnerability of TiXmlDeclaration::Parse function in tinyxmlparser.cpp component of TinyXML XML-parser is related to the use of assert operator when processing 0 character after space. using assert operator when processing 0 character after a space. Exploitation vulnerability could allow an...

BIT-PARSE-2024-27298 Parse Server literalizeRegexPart SQL Injection

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0...