
6932 matches found

SUSE CVE
added 2023/02/15 3:45 a.m. | 2 views

SUSE CVE-2021-23343

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

CVSS: 5.3 | AI score: 8 | EPSS: 0.02218
Exploits: 1 | References: 16
SUSE CVE
added 2023/02/15 3:44 a.m. | 1 views

SUSE CVE-2021-28302

A stack overflow in pupnp before version 1.14.5 can cause a denial of service through the Parser_parseDocument function. ixmlNode_free will release a child node recursively, which will consume stack space and lead to a crash...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.01415
Exploits: 1 | References: 2
SUSE CVE
added 2023/02/15 3:37 a.m. | 3 views

SUSE CVE-2021-41201

TensorFlow is an open source platform for machine learning. In affected versions during execution, EinsumHelper::ParseEquation is supposed to set the flags in input_has_ellipsis vector and output_has_ellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00241
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 3:37 a.m. | 2 views

SUSE CVE-2021-41687

DCMTK through 3.6.6 does not free memory properly. The program mallocs heap memory for parsing data but does not free it when a parsing error occurs. Sending specific requests to the dcmqrdb program incurs the memory leak. An attacker can use it to launch a DoS attack...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.01277
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 3:37 a.m. | 3 views

SUSE CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS: 6.5 | AI score: 7 | EPSS: 0.02931
Exploits: 1 | References: 10
SUSE CVE
added 2023/02/15 3:37 a.m. | 3 views

SUSE CVE-2021-41817

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...

CVSS: 5.3 | AI score: 7.5 | EPSS: 0.03222
Exploits: 1 | References: 21
SUSE CVE
added 2023/02/15 3:35 a.m. | 7 views

SUSE CVE-2021-46665

MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations...

CVSS: 5.5 | AI score: 8.2 | EPSS: 0.004
Exploits: 1 | References: 18
SUSE CVE
added 2023/02/15 3:35 a.m. | 3 views

SUSE CVE-2022-0185

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privile...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.25151
Exploits: 11 | References: 29
SUSE CVE
added 2023/02/15 3:35 a.m. | 1 views

SUSE CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.08325
Exploits: 1 | References: 8
SUSE CVE
added 2023/02/15 3:34 a.m. | 2 views

SUSE CVE-2022-1061

Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00944
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 3:33 a.m. | 3 views

SUSE CVE-2022-2078

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse, causing a denial of service and possibly to run code...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00992
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 3:31 a.m. | 2 views

SUSE CVE-2022-3533

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The...

CVSS: 4.7 | AI score: 6.6 | EPSS: 0.00419
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 3:27 a.m. | 3 views

SUSE CVE-2022-26129

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c...

CVSS: 8.1 | AI score: 7.3 | EPSS: 0.01014
Exploits: 1 | References: 5
SUSE CVE
added 2023/02/15 3:26 a.m. | 1 views

SUSE CVE-2022-27942

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c...

CVSS: 7.8 | AI score: 8 | EPSS: 0.01096
Exploits: 1 | References: 4
SUSE CVE
added 2023/02/15 3:26 a.m. | 3 views

SUSE CVE-2022-27950

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition...

CVSS: 5.1 | AI score: 6.7 | EPSS: 0.00384
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 3:26 a.m. | 11 views

SUSE CVE-2022-29358

epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XML file...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00568
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 3:25 a.m. | 1 views

SUSE CVE-2022-32149

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01428
Exploits: 0 | References: 12
SUSE CVE
added 2023/02/15 3:24 a.m. | 3 views

SUSE CVE-2022-37032

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c...

CVSS: 7.1 | AI score: 9.4 | EPSS: 0.01534
Exploits: 1 | References: 7
SUSE CVE
added 2023/02/15 3:24 a.m. | 3 views

SUSE CVE-2022-37049

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942...

CVSS: 7.8 | AI score: 8.2 | EPSS: 0.00403
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 3:23 a.m. | 2 views

SUSE CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.2421
Exploits: 2 | References: 95