
6928 matches found

OSV
added 2022/08/18 8:15 p.m., 2 views

DEBIAN-CVE-2022-37049

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parsempls at common/get.c:150. NOTE: this is different from CVE-2022-27942...

7.8 CVSS, 7.9 AI score, 0.00403 EPSS
Exploits: 1, References: 1

ATTACKERKB
added 2022/08/18 8:15 p.m., 6 views

CVE-2022-37049

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parsempls at common/get.c:150. NOTE: this is different from CVE-2022-27942...

7.8 CVSS, 7.3 AI score, 0.01096 EPSS
Exploits: 2, References: 9

OSV
added 2022/08/18 8:15 p.m., 2 views

UBUNTU-CVE-2022-37768

libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer...

7.5 CVSS, 5.7 AI score, 0.00842 EPSS
Exploits: 1, References: 2

RedHat Linux
added 2022/08/18 3:12 p.m., 2 views

golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

5.5 CVSS, 6.6 AI score, 0.00863 EPSS
Exploits: 1, References: 6

CNNVD
added 2022/08/18 12:0 a.m., 3 views

libjpeg security vulnerability

libjpeg is a C language library for processing JPEG format image data. It includes JPEG decoding, JPEG encoding, and other JPEG functions. A security vulnerability exists in libjpeg commit number: 281daa9 that stems from an infinite loop in its Frame::ParseTrailer component...

7.5 CVSS, 7.3 AI score, 0.00842 EPSS
Exploits: 1, References: 2

CNNVD
added 2022/08/18 12:0 a.m., 3 views

Appneta Tcpreplay buffer error vulnerability

Appneta Tcpreplay is a suite of open source utilities for editing and replaying network traffic on UNIX-based operating systems from Appneta, Inc. A security vulnerability exists in Tcpreplay version v4.4.1, which stems from a heap-based buffer overflow contained in parsempls in common/get.c:150 ...

7.8 CVSS, 7.7 AI score, 0.00403 EPSS
Exploits: 1, References: 8

Veracode
added 2022/08/16 7:53 a.m., 26 views

Remote Code Execution

react-editable-json-tree is vulnerable to remote code execution. The vulnerability exists in onSubmitValueParser prop which calls parse function in src/utils/parse.js because of missing sanitization of the parse parameters which allows a remote attacker to inject and execute malicious code into th...

10 CVSS, 9.2 AI score, 0.01209 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2022/08/15 6:30 p.m., 50 views

CVE-2022-36010 Arbitrary code execution via function parsing in react-editable-json-tree

This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be executed if it exists as ...

10 CVSS, 9.5 AI score, 0.01209 EPSS
Exploits: 1, References: 2

Check Point Advisories
added 2022/08/15 12:0 a.m., 15 views

Microsoft Windows Parse Server Prototype Pollution (CVE-2022-24760)

A prototype pollution vulnerability exists in Microsoft Windows Parse Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5 CVSS, 6.8 AI score, 0.49081 EPSS
Exploits: 1

NVD
added 2022/08/10 8:15 p.m., 18 views

CVE-2022-1962

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...

5.5 CVSS, 0.00863 EPSS
Exploits: 1, References: 5

UbuntuCve
added 2022/08/10 8:15 p.m., 23 views

CVE-2022-1962

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...

5.5 CVSS, 6.8 AI score, 0.00863 EPSS
Exploits: 1, References: 3

Prion
added 2022/08/10 8:15 p.m., 21 views

Design/Logic Flaw

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...

1.7 CVSS, 6.5 AI score, 0.00863 EPSS
Exploits: 1, References: 5, Affected Software: 1

RedHat Linux
added 2022/08/10 11:39 a.m., 3 views

golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

5.5 CVSS, 6.6 AI score, 0.00863 EPSS
Exploits: 1, References: 6

CVE
added 2022/08/09 8:18 p.m., 398 views

CVE-2022-1962

CVE-2022-1962 involves go/parser: Uncontrolled recursion in the Parse functions can cause a panic due to stack exhaustion when processing deeply nested types or declarations. Affected: Go's parser (go/parser) prior to Go 1.17.12 and Go 1.18.4. Impact: potential denial of availability via panics. ...

5.5 CVSS, 6.7 AI score, 0.00863 EPSS
Exploits: 1, References: 5, Affected Software: 1

AlpineLinux
added 2022/08/09 8:18 p.m., 27 views

CVE-2022-1962

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...

5.5 CVSS, 7 AI score, 0.00863 EPSS
Exploits: 1

Vulnrichment
added 2022/08/09 8:18 p.m., 1 views

CVE-2022-1962 Stack exhaustion due to deeply nested types in go/parser

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...

5.8 AI score, 0.00863 EPSS
Exploits: 1, References: 5

Prion
added 2022/08/08 3:15 p.m., 11 views

Cross site scripting

A Cross-site scripting XSS vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the getproducts?search parameter...

5.8 CVSS, 6 AI score, 0.01422 EPSS
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2022/08/04 12:0 a.m., 2 views

Crow security vulnerability

Crow is a C++ microframework for running web services. A security vulnerability exists in Crow v1.0+4, which stems from a buffer overflow discovered via the qsparse function. An attacker could exploit this vulnerability to cause a Denial of Service DoS via specially crafted input...

9.8 CVSS, 8.6 AI score, 0.02796 EPSS
Exploits: 1, References: 5

RedHat Linux
added 2022/08/02 10:9 a.m., 3 views

mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations

MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations...

5.5 CVSS, 7.4 AI score, 0.004 EPSS
Exploits: 1, References: 4

RedHat Linux
added 2022/08/02 9:56 a.m., 3 views

golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

5.5 CVSS, 6.6 AI score, 0.00863 EPSS
Exploits: 1, References: 6