6932 matches found
SUSE CVE-2023-24056
In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconftupleparse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes...
PT-2023-35922 · Libxml2 · Libxml2
Name of the Vulnerable Software and Affected Versions: libxml2 affected versions not specified Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash indicate it occurs in the xmlParseTryOrFinish and xmlParseChunk functions within the xml.c file...
UBUNTU-CVE-2023-25584
An out-of-bounds read flaw was found in the parsemodule function in bfd/vms-alpha.c in Binutils...
PT-2023-35078 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.19 through v6.1.6 Description: A memory leak issue was discovered in the msm mdss parse data bus icc path function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in...
The vulnerability of the Cookie.parse() function in the CookieJar library allows a hacker to induce a service failure.
The vulnerability of the Cookie.parse function in the CookieJar library is related to errors in the use of regular expressions. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
CVE-2023-25584
An out-of-bounds read flaw was found in the parsemodule function in bfd/vms-alpha.c in Binutils...
PT-2023-35899 · Libraw · Libraw
Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is related to an index-out-of-bounds crash. Technical details about the crash include the involvement of specific functions: apply tiff, parse jpeg, and identify. Recommendations: ...
CVE-2022-45492
Buffer overflow vulnerability in function jsonparsenumber in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 November 14, 2022 allows attackers to code arbitrary code and gain escalated privileges...
CVE-2022-45496
Buffer overflow vulnerability in function jsonparsestring in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 November 14, 2022 allows attackers to code arbitrary code and gain escalated privileges...
CVE-2022-45493
Buffer overflow vulnerability in function jsonparsekey in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 November 14, 2022 allows attackers to code arbitrary code and gain escalated privileges...
CVE-2022-45493
Buffer overflow vulnerability in function jsonparsekey in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 November 14, 2022 allows attackers to code arbitrary code and gain escalated privileges...
AZL-74523 CVE-2022-45496 affecting package suitesparse 7.11.0-1
Buffer overflow vulnerability in function jsonparsestring in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 November 14, 2022 allows attackers to code arbitrary code and gain escalated privileges...
AZL-74517 CVE-2022-45493 affecting package suitesparse 7.11.0-1
Buffer overflow vulnerability in function jsonparsekey in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 November 14, 2022 allows attackers to code arbitrary code and gain escalated privileges...
AZL-74514 CVE-2022-45492 affecting package suitesparse 7.11.0-1
Buffer overflow vulnerability in function jsonparsenumber in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 November 14, 2022 allows attackers to code arbitrary code and gain escalated privileges...
CVE-2023-22474
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server wi...
Cross site request forgery (csrf)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server wi...
CVE-2023-22474 Parse Server is vulnerable to authentication bypass via spoofing
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server wi...
CVE-2023-22474 Parse Server is vulnerable to authentication bypass via spoofing
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server wi...
CVE-2023-22474 Parse Server is vulnerable to authentication bypass via spoofing
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server wi...
CVE-2023-22474
Parse Server (Node.js backend) is affected by CVE-2023-22474 due to trusting the client IP from the x-forwarded-for header when not behind a proxy, allowing bypass of the masterKeyIps security check. The issue has been fixed in version 5.4.1, where IP address determination was rewritten and the t...