golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

ruby: Cookie prefix spoofing in CGI::Cookie.parse

A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...

OESA-2022-1789 protobuf-c security update

This is protobuf-c, a C implementation of the Google Protocol Buffers data serialization format. Security Fixes: Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parsetagandwiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the nasmparserdirective function in modules/parsers/nasm/nasm-parse.c. Remediation There is no fixed version for yasm. References - GitHub Gist - GitHub Issue Credit: Clingto...

Stack overflow

An issue was discovered in mjs mJS: Restricted JavaScript engine, ES6 JavaScript version 6. There is stack buffer overflow in jsonparsearray in mjs.c...

Prototype Pollution

js-ini is vulnerable to prototype pollution. The vulnerability exists in parse function in index.ts and parse.ts due to lack of validations which allows an attacker to send malicious INI files on the application to cause a pollution on prototype...

GHSA-M939-VRFP-9V8P js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse`

This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...

GHSA-7VRV-5M2H-RJW9 ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`

This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS mJS: Restricted JavaScript engine...

CVE-2020-28462

This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...

CVE-2020-28462 Prototype Pollution

This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...

CVE-2020-28461 Prototype Pollution

This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...

PT-2022-8904 · Unknown · Ion-Parser

Name of the Vulnerable Software and Affected Versions: ion-parser versions all Description: The issue affects the ion-parser package, where an attacker can submit a malicious INI file to an application that uses the parse function, leading to prototype pollution on the application. This can be...

UBUNTU-CVE-2022-1925

DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gstmatroskadecompressdata function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however t...

Fedora: Security Advisory for httpdump (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: httpdump-0-0.6.20200714gite6fa868.fc35

Capture and parse HTTP traffic...

[SECURITY] Fedora 35 Update: golang-github-andybalholm-cascadia-1.2.0-6.fc35

The Cascadia package implements CSS selectors for use with the parse trees produced by the html package...

Updated golang packages fix security vulnerability

net/http: improper sanitization of Transfer-Encoding header The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating a "chunked" encoding. This could potentially allow for request smuggling, but only if combined with an intermediate server that also improperly failed to...

Regular Expression Denial Of Service (ReDoS)

jquery-validation is vulnerable to regular expression denial of service. The vulnerability exists in the url parse function in src/core.js, and due to insufficient regular expression complexity checks an attacker can cause a ReDoS when supplying input to the url parse function. This CVE exists du...

The vulnerability of the Apple Game Center authentication adapter allows a hacker to bypass the authentication process. This vulnerability is due to syntactic analysis by the Parse Server.

The vulnerability of the Apple Game Center authentication adapter relates to the lack of certificate verification. Exploiting this vulnerability allows a malicious actor to bypass the authentication process using a fake certificate...