6932 matches found
OTFCC Buffer Overflow Vulnerability (CNVD-2023-11782)
OTFCC is a C library and utility open sourced by Caryll. It is used to parse and write OpenType font files. OTFCC 0.10.4 and earlier versions have a buffer overflow vulnerability that originates in /release-x64/otfccdump 0x6b84b1 with a boundary error when processing untrusted input, which can be...
PT-2022-24895 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.17; Parse Server versions prior to 5.2.8 on the 5.x branch. Description: The issue occurs when a file download request is received with an invalid byte range, causing the server to crash and resulting in a...
DEBIAN-CVE-2022-3533
A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The...
DEBIAN-CVE-2022-41715
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consu...
AZL-33583 CVE-2022-32149 affecting package gh for versions less than 2.13.0-22
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
CVE-2022-32149
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-33572 CVE-2022-32149 affecting package cf-cli for versions less than 8.4.0-21
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-45108 CVE-2022-32149 affecting package buildah for versions less than 1.41.4-2
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-33565 CVE-2022-32149 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-22
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-34839 CVE-2022-32149 affecting package keda for versions less than 2.14.0-1
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-44613 CVE-2022-32149 affecting package podman for versions less than 5.6.1-2
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-33608 CVE-2022-32149 affecting package libcontainers-common for versions less than 20210626-6
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-45162 CVE-2022-32149 affecting package containernetworking-plugins for versions less than 1.6.1-4
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-43954 CVE-2022-32149 affecting package podman 4.1.1-26
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
DEBIAN-CVE-2022-32149
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
DEBIAN-CVE-2022-41550
GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header...
UBUNTU-CVE-2022-41550
GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header...
ruby: Cookie prefix spoofing in CGI::Cookie.parse
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...
Google Golang Security Vulnerability
Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...
GNU oSIP Input Validation Error Vulnerability
GNU oSIP is the GNU Foundation's free software library for VoIP applications that implement lower-level session-initiation protocols. The library contains the minimum code base required for any SIP application and provides enough flexibility to implement any SIP extension or behavior. A security...