CVE-2022-32978

There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan...

CVE-2022-24969

bypass CVE-2021-25640 In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability...

Bypass of last fix

Description last fix can be bypass because in this line we should consider the case \r\r or even \r too. Proof of Concept javascript const http = require"http"; const parseUrl = require"parse-url"; const url = parseUrl'jav\r\r\rascript://%0aalert1'; console.logurl const server =...

Arbitrary Command Execution

jmespath is vulnerable to arbitrary command execution. An attacker is able to inject and execute arbitrary commands due to the unsafe usage of JSON.load where JSON.parse is preferable...

CVE-2022-32511

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

OSV-2022-452 Stack-buffer-overflow in parse_regex

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47780 Crash type: Stack-buffer-overflow READ 1 Crash state: parseregex cliregex2suffix regexlistaddpattern...

CVE-2021-42196

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traitsparse located in abc.c. It allows an attacker to cause Denial of Service...

swftools 代码问题漏洞

Swftools is a set of utilities for working with Adobe Flash files SWF files. swftools 2020-12-22 and earlier versions are vulnerable to a null pointer dereference, which stems from the presence of a NULL pointer dereference in the function traitsparse located in abc.c. An attacker could exploit...

CLSA-2022-1654106859 Fix CVE(s): CVE-2022-0391

SECURITY UPDATE: Injection attack - debian/patches/CVE-2022-0391.patch: sanitize urls in urllib.parse when it containing ASCII newline and tabs in Doc/library/urllib.parse.rst, Lib/test/testurlparse.py, Lib/urllib/parse.py. - CVE-2022-0391...

PT-2022-3342 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw in the Linux kernel's nft set desc concat parse function allows an attacker to trigger a buffer overflow, causing a denial of service and possibly allowing the execution of...

CVE-2022-29358

epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in parsespecialtag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted XML file...

epub2txt2 输入验证错误漏洞

epub2txt is a simple command-line utility for extracting text from an EPUB document and optionally rearranging it to fit a specific number of columns of text to be displayed. epub2txt2 version v2.04 is vulnerable to a denial-of-service vulnerability stemming from an integer overflow error in the...

MediaWiki Cross-site Scripting (XSS) vulnerability

In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss and turns it into a jQuery object with mw.message.parse. The expected result is that the jQuery object does not contain an tag or it does...

CVE-2019-14291

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3...

Xepor - Web Routing Framework For Reverse Engineers And Security Researchers, Brings The Best Of Mitmproxy And Flask

Xepor pronounced /ˈzɛfə/ , zephyr, a web routing framework for reverse engineers and security researchers. It provides a Flask-like API for hackers to intercept and modify HTTP request and/or HTTP response in a human-friendly coding style. This project is meant to be used with mitmproxy. User wri...

PT-2022-19457 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description: There is a potential for segfault / denial of service in TensorFlow by calling...

new packages: perl-Parse-PMFile

An update is available for perl-Parse-PMFile. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

Symfony Arbitrary PHP code Execution

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the 1 Yaml::parse or 2 Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348...

Cross-site Scripting (XSS)

Overview modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the parseCustomData function in the update.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious...

ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0), ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0) +5847 more potentially affected by CVE-2013-4002 via xerces:xercesImpl (>=2.10.0 <=2.11.0)

xerces:xercesImpl MAVEN version =2.10.0, =1.0.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =0.2, =5.0.9, =5.1.3 and more Source cves: CVE-2013-4002 Source advisory: OSV:GHSA-7J4H-8WPF-RQFH...