6932 matches found

RedHat Linux
added 2022/10/05 10:44 a.m. · 1 views

parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url

A flaw was found in the parse-url package. Affected versions of this package are vulnerable to information exposure due to an improper validation issue...

7.5 CVSS · 5.7 AI score · 0.00957 EPSS
Exploits: 1 · References: 5
OSV
added 2022/10/03 12:0 a.m. · 3 views

OSV-2022-1008 Heap-buffer-overflow in cli_js_parse_done

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52038 Crash type: Heap-buffer-overflow READ 4 Crash state: clijsparsedone clihtmlnormalise htmlnormalisemap...

7.2 AI score
Exploits: 0 · References: 1
CNNVD
added 2022/10/03 12:0 a.m. · 3 views

LIEF security vulnerability

LIEF is a cross-platform library from the individual developer Romain Thomas, used for parsing, modifying and abstracting ELF, PE and MachO formats. A denial of service vulnerability exists in LIEF v0.12.1, which stems from a failure to properly handle incoming error messages in the initandparse...

6.5 CVSS · 6.6 AI score · 0.00586 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2022/10/03 12:0 a.m. · 5 views

PT-2022-36659 · Git +1 · Haproxy

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash occurs in the parse line function, which is called by readcfgfile in the fuzz cfg parser...

7 AI score
Exploits: 0 · References: 2
GitHub Security Blog
added 2022/10/01 12:0 a.m. · 29 views

css-what vulnerable to ReDoS due to use of insecure regular expression

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS · 7.4 AI score · 0.01421 EPSS
Exploits: 1 · References: 7 · Affected Software: 1
OSV
added 2022/10/01 12:0 a.m. · 24 views

GHSA-P28H-CC7Q-C4FG css-what vulnerable to ReDoS due to use of insecure regular expression

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS · 7.3 AI score · 0.01421 EPSS
Exploits: 1 · References: 7
OSV
added 2022/09/30 5:15 a.m. · 19 views

CVE-2022-21222

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS · 7.8 AI score
Exploits: 0 · References: 3
OSV
added 2022/09/30 5:15 a.m. · 0 views

UBUNTU-CVE-2022-21222

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS · 5.8 AI score · 0.01421 EPSS
Exploits: 1 · References: 5
OSV
added 2022/09/30 5:15 a.m. · 1 views

UBUNTU-CVE-2022-41841

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4File::ParseStream in Core/Ap4File.cpp, which is called from AP4File::AP4File...

5.5 CVSS · 6 AI score · 0.00271 EPSS
Exploits: 1 · References: 3
Cvelist
added 2022/09/30 5:5 a.m. · 25 views

CVE-2022-21222 Regular Expression Denial of Service (ReDoS)

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

5.3 CVSS · 7.5 AI score · 0.01421 EPSS
Exploits: 1 · References: 3
Debian CVE
added 2022/09/30 5:5 a.m. · 28 views

CVE-2022-21222

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS · 7.4 AI score · 0.01421 EPSS
Exploits: 1
UbuntuCve
added 2022/09/30 12:0 a.m. · 28 views

CVE-2022-21222

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS · 7.1 AI score · 0.01421 EPSS
Exploits: 1 · References: 4
CNNVD
added 2022/09/30 12:0 a.m. · 4 views

Bento4 code issue vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 version 1.6.0-639, which stems from a null pointer dereference in AP4File::ParseStream in Core/Ap4File.cpp. An attacker could exploit the vulnerability to cause a denial of...

5.5 CVSS · 6.6 AI score · 0.00271 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2022/09/29 12:0 a.m. · 2 views

PT-2022-37326 · Git +1 · Fluent-Bit

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 4 crash has been reported. The crash involves the onig node str cat function, and the call stack includes parse exp and parse...

7 AI score
Exploits: 0 · References: 2
Veracode
added 2022/09/27 7:15 a.m. · 15 views

Authentication Bypass

parse-server is vulnerable to authentication bypass. The vulnerability exists in validateAppId function in facebook.js and spotify.js because the appIds in server-side authentication adapter configuration is set as a string which allows an attacker to send requests from different appIds and get...

3.7 CVSS · 4.8 AI score · 0.00427 EPSS
Exploits: 0 · References: 9 · Affected Software: 1
OSV
added 2022/09/23 11:4 a.m. · 3 views

OESA-2022-1963 htslib security update

HTSlib is an implementation of a unified C library for accessing common file formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data, and is the core library used by samtools and bcftools. HTSlib only depends on zlib. It is known to be compatible with gcc, g++ and clang. HTSl...

8.8 CVSS · 7.1 AI score · 0.0158 EPSS
Exploits: 1 · References: 2
OSV
added 2022/09/23 11:4 a.m. · 3 views

OESA-2022-1962 htslib security update

HTSlib is an implementation of a unified C library for accessing common file formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data, and is the core library used by samtools and bcftools. HTSlib only depends on zlib. It is known to be compatible with gcc, g++ and clang. HTSl...

8.8 CVSS · 7.1 AI score · 0.0158 EPSS
Exploits: 1 · References: 2
NVD
added 2022/09/23 8:15 a.m. · 12 views

CVE-2022-39231

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for Facebook and Spotify may be circumvented. Configurations which allow users to...

3.7 CVSS · 0.00427 EPSS
Exploits: 0 · References: 1
Prion
added 2022/09/23 8:15 a.m. · 13 views

Authentication flaw

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for Facebook and Spotify may be circumvented. Configurations which allow users to...

2.6 CVSS · 4.1 AI score · 0.00427 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2022/09/23 7:40 a.m. · 15 views

CVE-2022-39231 Parse Server subject to Improper Authentication allowing Auth adapter app ID validation to be circumvented

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for Facebook and Spotify may be circumvented. Configurations which allow users to...

3.7 CVSS · 4.4 AI score · 0.00427 EPSS
Exploits: 0 · References: 1