CVE-2022-24910

A buffer overflow vulnerability exists in the httpd parsepingresult API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

OSV-2022-410 Heap-buffer-overflow in Assimp::ASE::Parser::ParseLV1SoftSkinBlock

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47392 Crash type: Heap-buffer-overflow READ 1 Crash state: Assimp::ASE::Parser::ParseLV1SoftSkinBlock Assimp::ASE::Parser::Parse Assimp::ASEImporter::InternReadFile...

InHand Networks InRouter302 缓冲区错误漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A buffer overflow vulnerability exists in InHand Networks InRouter302 version V3.5.4, which stems from the httpd parsepingresult API function A boundary error occurs when handling untrusted input, which can be...

XML External Entity (XXE)

WSO2 Carbon Event Publisher is vulnerable to XML External Entity. The vulnerability exists in event receiver and publisher configurations due to not enabling the secure processing feature for XML parsing which allows an attacker to cause parse malicious XML into the system...

golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension

A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...

kernel: drm/amdkfd: NULL pointer dereference in kfd_parse_subtype_iolink()

An issue was discovered in the Linux kernel through 5.16-rc6. kfdparsesubtypeiolink in drivers/gpu/drm/amd/amdkfd/kfdcrat.c lacks check of the return value of kmemdup...

python: urllib.parse does not sanitize URLs containing ASCII newline and tabs

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

DEBIAN-CVE-2022-29340

GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gfisomparsemovieboxesinternal due to improper return value handling of GFSKIPBOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad...

UBUNTU-CVE-2022-29340

GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gfisomparsemovieboxesinternal due to improper return value handling of GFSKIPBOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad...

Authentication Bypass

parse-server is vulnerable to authentication bypass. An attacker is able to bypass the authentication because of lack of proper validation and checks for Apple certificate URL in the Apple Game Center authentication adapter, leading to application crash...

Denial Of Service (DoS)

parse-server is vulnerable to authentication bypass. An attacker is able to bypass the authentication because of lack of proper validation and checks for Apple certificate URL in the Apple Game Center authentication adapter, leading to application crash...

GPAC 代码问题漏洞

GPAC is an open source multimedia framework. A code issue vulnerability exists in GPAC version 2.1-DEV-rev87-g053aae8-master, which stems from a null pointer dereference vulnerability due to improper handling of the return value of GFSKIPBOX in the application gfisomparsemovieboxesinternal. An...

EulerOS Virtualization 2.9.0 : ruby (EulerOS-SA-2022-1637)

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 f...

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-24901 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-24901 Source advisory: OSV:GHSA-QF8X-VQJV-92GR...

parse-community parse-server 信任管理问题漏洞

parse-server is an open source Backend-as-a-Service BaaS framework that is primarily used for application backend processing. A security vulnerability exists in parse-community parse-server that stems from an authentication adapter that does not properly validate the Apple certificate URL. An...

CVE-2022-23400

A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An...

UBUNTU-CVE-2022-1475

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729parse in llibavcodec/g729parser.c when processing a specially crafted file...

FFmpeg 输入验证错误漏洞

FFmpeg is a complete solution for recording, converting and streaming audio and video from the Ffmpeg team. FFmpeg suffers from an integer overflow vulnerability that stems from a failure to properly validate data length in the g729parse function when processing specially crafted files. An attack...

DEBIAN-CVE-2022-1534

Buffer Over-read at parserawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash...

PT-2022-6744 · Unknown +5 · Protobuf-C +5

Name of the Vulnerable Software and Affected Versions: Protobuf-c version 1.4.0 Description: The issue is related to an invalid arithmetic shift via the parse tag and wiretype function in protobuf-c/protobuf-c.c, which can cause a Denial of Service DoS via unspecified vectors. This is also...