6933 matches found
UBUNTU-CVE-2023-26916
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysparsemem at lysparsemem.c...
PT-2023-9144
Name of the Vulnerable Software and Affected Versions: libyang versions 2.0.164 through 2.1.30. Description: The issue is related to a NULL pointer dereference in the lys parse mem function of the libyang library, which is used for YANG data modeling language parsing. This could allow a remote...
Security Bulletin: Multiple vulnerabilities in software used in node.js affect Cloud Pak System
Summary: Multiple vulnerabilities found in follow-redirect, html-parse-stringify2, nth-check, pycrypto affect Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details: CVEID: CVE-2021-23346. DESCRIPTION: Node.js html-parse-stringify and html-parse-stringify2...
USN-5973-1: url-parse vulnerabilities
It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or to perform a server-side request forgery attack or open...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : url-parse vulnerabilities (USN-5973-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5973-1 advisory. It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...
CVE-2023-21028
In parseprinterAttributes of ipphelper.c, there is a possible out of bounds read due to a string without a null-terminator. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2022-20532
In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
PT-2023-17818 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: In the parse printerAttributes function of ipphelper.c, there is a possible out of bounds read due to a string without a null-terminator. This could lead to remote information disclosure with no...
XML External Entity (XXE) Injection
weixin-python is vulnerable to XML External Entity (XXE) Injection. The vulnerability exists due to the parse function in msg.py and the toxml function in pay.py because XML entities are allowed to be resolved, allowing an attacker to inject and execute malicious XML documents to perform requests o...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2023-096)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-096 advisory. valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the...
CVE-2023-28118 kaml has potential denial of service while parsing input with anchors and aliases
kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...
SUSE CVE-2023-27785
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function...
PT-2023-35710 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Global-buffer-overflow READ 1. The crash state involves several functions: xmlParseContentInternal,...
DEBIAN-CVE-2023-27787
An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parselist function at the list.c:81 endpoint...
DEBIAN-CVE-2023-27785
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function...
CVE-2023-27785
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function...
Design/Logic Flaw
An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function...
TCPprep code issue vulnerability
Appneta tcpprep is a set of open source GPLv3 licensed utilities from Appneta, Inc. For UNIX and Win32 under Cygwin operating systems, it is used to edit and replay network traffic previously captured by tools such as tcpdump and Wireshark. A security vulnerability exists in TCPprep version...