
6933 matches found

RedHat Linux
added 2023/06/29 12:34 p.m. · 21 views

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity...

CVSS 7.5 · AI score 6.8 · EPSS 0.20459
Exploits: 3 · References: 5

RedHat Linux
added 2023/06/29 12:12 p.m. · 3 views

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity...

CVSS 7.5 · AI score 6.8 · EPSS 0.20459
Exploits: 3 · References: 5

RedHat Linux
added 2023/06/29 11:39 a.m. · 9 views

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity...

CVSS 7.5 · AI score 6.8 · EPSS 0.20459
Exploits: 3 · References: 5

Vulnrichment
added 2023/06/29 12:0 a.m. · 6 views

CVE-2020-26710

easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

AI score 8.6 · EPSS 0.00727
Exploits: 0 · References: 1

Cvelist
added 2023/06/29 12:0 a.m. · 19 views

CVE-2020-26710

easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

AI score 7.8 · EPSS 0.00727
Exploits: 0 · References: 1

CNNVD
added 2023/06/29 12:0 a.m. · 6 views

easy-parse code issue vulnerability

easy-parse is a PyPI project for xml and json parsing by the individual developer Colton Willig. A security vulnerability exists in easy-parse v0.1.1, which stems from the inclusion of an XML External Entity Injection (XXE) vulnerability that could allow an attacker to execute arbitrary code via a...

CVSS 7.5 · AI score 7.8 · EPSS 0.00727
Exploits: 0 · References: 2

Positive Technologies
added 2023/06/29 12:0 a.m. · 4 views

PT-2023-11757 · Unknown · Easy-Parse

Name of the Vulnerable Software and Affected Versions: easy-parse version 0.1.1 Description: The issue allows attackers to execute arbitrary code via a crafted XML file, exploiting an XML External Entity Injection (XXE) vulnerability. Recommendations: For easy-parse version 0.1.1, update to a versio...

CVSS 7.5 · AI score 7.8 · EPSS 0.00727
Exploits: 0 · References: 7

CVE
added 2023/06/29 12:0 a.m. · 60 views

CVE-2020-26710

CVE-2020-26710 affects the Python package easy-parse v0.1.1. Affected component: XML parsing logic that is vulnerable to XML External Entity Injection (XXE). Underlying cause: improper handling of external entities in XML processing, enabling an attacker to execute arbitrary code via a crafted XM...

CVSS 7.5 · AI score 7.8 · EPSS 0.00727
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2023/06/28 11:15 p.m. · 9 views

CVE-2023-36475

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...

CVSS 9.8 · AI score 9.8 · EPSS 0.02682
Exploits: 0 · References: 7

Vulnrichment
added 2023/06/28 10:32 p.m. · 15 views

CVE-2023-36475 Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...

CVSS 9.8 · AI score 7.9 · EPSS 0.02682
Exploits: 0 · References: 7

Cvelist
added 2023/06/28 10:32 p.m. · 22 views

CVE-2023-36475 Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...

CVSS 9.8 · AI score 9.9 · EPSS 0.02682
Exploits: 0 · References: 7

CVE
added 2023/06/28 10:32 p.m. · 83 views

CVE-2023-36475

Parse Server is affected by a prototype pollution vulnerability that enables remote code execution through the MongoDB BSON parser. The issue occurs in affected builds prior to 5.5.2 and 6.2.1, where a prototype pollution sink can be exploited to trigger RCE. A patch is available in versions 5.5....

CVSS 9.8 · AI score 9.7 · EPSS 0.02682
Exploits: 0 · References: 7 · Affected Software: 1

OSV
added 2023/06/28 10:32 p.m. · 32 views

CVE-2023-36475 Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...

CVSS 9.8 · AI score 9.4 · EPSS 0.02682
Exploits: 0 · References: 9

OSV
added 2023/06/28 10:15 p.m. · 3 views

AZL-27347 CVE-2023-3359 affecting package kernel for versions less than 5.15.118.1-2

An issue was discovered in the Linux kernel brcmnvramparse in drivers/nvmem/brcmnvram.c. Lack of a check of the return value of kzalloc can cause a NULL pointer dereference...

CVSS 5.5 · AI score 6 · EPSS 0.00193
Exploits: 0 · References: 1

OSV
added 2023/06/28 10:15 p.m. · 2 views

AZL-27332 CVE-2023-3359 affecting package hyperv-daemons for versions less than 5.15.118.1-1

An issue was discovered in the Linux kernel brcmnvramparse in drivers/nvmem/brcmnvram.c. Lack of a check of the return value of kzalloc can cause a NULL pointer dereference...

CVSS 5.5 · AI score 6 · EPSS 0.00193
Exploits: 0 · References: 1

OSV
added 2023/06/28 10:15 p.m. · 1 views

DEBIAN-CVE-2023-3359

An issue was discovered in the Linux kernel brcmnvramparse in drivers/nvmem/brcmnvram.c. Lack of a check of the return value of kzalloc can cause a NULL pointer dereference...

CVSS 5.5 · AI score 5.5 · EPSS 0.00193
Exploits: 0 · References: 1

OSV
added 2023/06/28 10:15 p.m. · 0 views

UBUNTU-CVE-2023-3359

An issue was discovered in the Linux kernel brcmnvramparse in drivers/nvmem/brcmnvram.c. Lack of a check of the return value of kzalloc can cause a NULL pointer dereference...

CVSS 5.5 · AI score 6.6 · EPSS 0.00193
Exploits: 0 · References: 3

ATTACKERKB
added 2023/06/28 6:15 p.m. · 2 views

CVE-2023-21161

In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID:...

CVSS 6.7 · AI score 6.1 · EPSS 0.00097
Exploits: 0 · References: 2

ATTACKERKB
added 2023/06/28 6:15 p.m. · 2 views

CVE-2023-21179

In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.8 · AI score 6.1 · EPSS 0.00076
Exploits: 0 · References: 2

NVD
added 2023/06/28 6:15 p.m. · 15 views

CVE-2023-21159

In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID:...

CVSS 6.7 · AI score 6.8 · EPSS 0.00097
Exploits: 0 · References: 1