6934 matches found
The vulnerability of the TiXmlDeclaration::Parse() function in the TinyXML parser component, tinyxmlparser.cpp, allows an attacker to cause a service failure.
The vulnerability of the TiXmlDeclaration::Parse function in the TinyXML parser tinyxmlparser.cpp is related to the use of the assert operator when processing the character 0, which is located after a space. Exploiting this vulnerability may allow an attacker to cause a service failure remotely...
SUSE CVE-2023-51079
A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."...
CVE-2023-51079
A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."...
CVE-2023-51074
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse method...
UBUNTU-CVE-2023-51074
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse method...
UBUNTU-CVE-2023-51079
DISPUTED A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."...
Jayway JsonPath Security Vulnerability
Jayway JsonPath (json-path) is an open-source Java DSL for reading JSON documents. A security vulnerability exists in Jayway JsonPath version v2.8.0, which stems from a stack overflow in the Criteria.parse method...
PT-2023-31756 · Mvel2 · Mvel2
Name of the Vulnerable Software and Affected Versions: mvel2 version 2.5.0 Final Description: A TimeOut error exists in the ParseTools.subCompileExpression method due to many Java class lookups, potentially causing a long execution time. The vendor disputes the significance of this issue, stating...
PT-2023-35670 · Git +1 · Quickjs
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details include a crash state involving js free function def, js parse function decl...
VulnCheck KEV: CVE-2023-7101
Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic...
PT-2023-35668 · Rawspeed · Rawspeed
Name of the Vulnerable Software and Affected Versions: rawspeed affected versions not specified Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the parseWhiteBalance function within DngDecoder, which is part of the rawspeed library...
Micro HTTP Server Security Vulnerability
Micro HTTP Server is a very simple HTTP server for prototyping by the individual developer Jian-Hong Pan in China. A security vulnerability exists in MicroHttpServer Micro HTTP Server version a8ab029 and earlier versions, which stems from a buffer overflow in ParseHeader in lib/server.c. The...
Spreadsheet-ParseExcel Code Injection Vulnerability
Spreadsheet-ParseExcel is a module for extracting information from Excel files by the individual developer John McNamara in Ireland. A security vulnerability exists in Spreadsheet-ParseExcel version 0.65 that originates from passing unvalidated input from a file to a string, resulting in arbitrar...
PT-2023-31889 · Unknown · Microhttpserver
Name of the Vulnerable Software and Affected Versions: MicroHttpServer versions through a8ab029 Description: The issue allows a one-byte recv buffer overflow via a long URI in the ParseHeader function located in lib/server.c. Recommendations: For versions through a8ab029, consider restricting...
Stack overflow
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
CVE-2023-50730
CVE-2023-50730 affects Grackle, a Scala GraphQL server. The vulnerabilities arise from two stack-related issues: (1) cyclic GraphQL fragments could trigger a JVM StackOverflowError during type checking/compilation, and (2) the cats-parse recursive operator used in the parser isn’t stack-safe, ena...
CVE-2023-50730 Grackle has StackOverflowError in GraphQL query processing
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
PT-2023-8145
Name of the Vulnerable Software and Affected Versions: Barracuda ESG Appliance versions 5.1.3.001 through 9.2.1.001 Description: The issue is related to a case of arbitrary code execution that resides within a third-party and open-source library named Spreadsheet::ParseExcel, used by the Amavis...