Lucene search

6934 matches found

BDU FSTEC
added 2023/11/14 12:0 a.m. · 3 views

The vulnerability of the URI_FUNC() function in the UriParse.c component of the UriParser parser allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the URI_FUNC() function in the UriParse.c component of the UriParser parser is related to reading data beyond the allowable buffer size limits. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service...

10 CVSS · 7.1 AI score · 0.0205 EPSS
Exploits: 0 · References: 6 · Affected Software: 3

RedHat Linux
added 2023/11/08 3:38 p.m. · 1 view

mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations

MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations...

5.5 CVSS · 7.4 AI score · 0.004 EPSS
Exploits: 1 · References: 4

RedHat Linux
added 2023/11/08 8:20 a.m. · 2 views

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity...

7.5 CVSS · 6.8 AI score · 0.20459 EPSS
Exploits: 3 · References: 5

OSV
added 2023/11/07 6:18 p.m. · 1 view

CLSA-2023-1699381084 Fix of 5 CVEs

SECURITY UPDATE: reachable assertion failure in display_debug_names - debian/patches/CVE-2022-35205.patch: replace assert with a warning message - CVE-2022-35205 SECURITY UPDATE: memory leak in stab_demangle_v3_arg - debian/patches/CVE-2022-47007.patch: free dt on failure path - CVE-2022-47007 SECURIT...

5.5 CVSS · 6.4 AI score · 0.00403 EPSS
Exploits: 5 · References: 1

OSV
added 2023/11/07 6:3 p.m. · 2 views

CLSA-2023-1699380175 Fix CVE(s): CVE-2022-47011, CVE-2022-47007, CVE-2022-47010, CVE-2022-47008

SECURITY UPDATE: memory leak in stab_demangle_v3_arg - debian/patches/CVE-2022-47007.patch: free dt on failure path - CVE-2022-47007 SECURITY UPDATE: memory leak in make_tempdir - debian/patches/CVE-2022-47008.patch: free template on all failure paths - CVE-2022-47008 SECURITY UPDATE: memory leak in...

5.5 CVSS · 7.1 AI score · 0.00403 EPSS
Exploits: 4 · References: 1

RedHat Linux
added 2023/11/07 9:3 a.m. · 1 view

kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data The MT7921 driver no longer uses eeprom.data, but the relevant code has not been removed completely since commit 16d98b548365 "mt76: mt7921: rely on...

7.1 CVSS · 6.7 AI score · 0.00149 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2023/11/07 9:3 a.m. · 6 views

kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c

An information leak vulnerability was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack, in the l2cap_parse_conf_req function. An attacker with physical access within the range of standard Bluetooth transmission could use thi...

6.5 CVSS · 6.6 AI score · 0.00387 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2023/11/07 8:56 a.m. · 0 views

protobuf-c: unsigned integer overflow in parse_required_member

A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parse_required_member...

5.5 CVSS · 7.3 AI score · 0.00366 EPSS
Exploits: 0 · References: 5

Tenable Nessus
added 2023/11/07 12:0 a.m. · 36 views

Rocky Linux 8 : ruby:2.5 (RLSA-2022:5779)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5779 advisory. - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1,...

7.5 CVSS · 7.3 AI score · 0.03222 EPSS
Exploits: 2 · References: 5

SUSE CVE
added 2023/11/04 1:53 a.m. · 2 views

SUSE CVE-2023-38472

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse function...

6.2 CVSS · 8.6 AI score · 0.00306 EPSS
Exploits: 0 · References: 10

ATTACKERKB
added 2023/11/03 8:15 a.m. · 1 view

CVE-2023-1194

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parse_lease_state...

8.1 CVSS · 6.6 AI score · 0.01077 EPSS
Exploits: 0 · References: 5

OSV
added 2023/11/03 8:15 a.m. · 1 view

DEBIAN-CVE-2023-1194

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parse_lease_state...

8.1 CVSS · 6.8 AI score · 0.01077 EPSS
Exploits: 0 · References: 1

OSV
added 2023/11/02 3:15 p.m. · 3 views

AZL-34552 CVE-2023-38472 affecting package avahi for versions less than 0.8-4

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse function...

5.5 CVSS · 6.6 AI score · 0.00306 EPSS
Exploits: 0 · References: 1

OSV
added 2023/11/02 3:15 p.m. · 2 views

UBUNTU-CVE-2023-38472

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse function...

6.2 CVSS · 6.7 AI score · 0.00306 EPSS
Exploits: 0 · References: 4

OSV
added 2023/11/02 7:24 a.m. · 27 views

BIT-2023-46119

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...

7.5 CVSS · 6.8 AI score · 0.01053 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2023/11/01 12:0 a.m. · 2 views

PT-2023-30264 · Gpac +1

Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev605-gfc9e29089-master. Description: The issue is a heap-buffer-overflow in the ffdmx_parse_side_data function located at /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box. This indicates a problem with how data i...

5.5 CVSS · 6.5 AI score · 0.00206 EPSS
Exploits: 0 · References: 15

SUSE CVE
added 2023/10/31 2:31 a.m. · 5 views

SUSE CVE-2020-7788

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS · 8.6 AI score · 0.03612 EPSS
Exploits: 1 · References: 2

BDU FSTEC
added 2023/10/27 12:0 a.m. · 2 views

The vulnerability of the `netserver parse_command_list` function in the Reolink RLC-410W camera’s software allows an intruder to trigger a service failure.

The vulnerability of the `netserver parse_command_list` function in the Reolink RLC-410W IP camera software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure remotely...

9.3 CVSS · 8.1 AI score · 0.0128 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2023/10/25 6:17 p.m. · 7 views

AZL-31746 CVE-2023-46316 affecting package traceroute for versions less than 2.1.3-1

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines...

5.5 CVSS · 6.9 AI score · 0.00367 EPSS
Exploits: 2 · References: 1

NVD
added 2023/10/25 6:17 p.m. · 13 views

CVE-2023-46119

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...

7.5 CVSS · 7.4 AI score · 0.01053 EPSS
Exploits: 0 · References: 5