6926 matches found
960.css (=1.0.0), @4site/engrid-styles (>=0.2.19 <=0.2.24) +124 more potentially affected by CVE-2021-23343 via path-parse (>=1.0.5 <=1.0.6)
path-parse NPM version =1.0.5, =0.2.19, =0.1.1, =7.0.0, =0.2.0, =0.17.0, =0.17.0, =0.19.0, =0.17.0, =0.23.0, =0.17.0, =0.17.0, =0.17.1 - @choerodon/issue =0.17.0 and more Source cves: CVE-2021-23343 Source advisory: OSV:GHSA-HJ48-42VR-X3V9...
Regular Expression Denial of Service in path-parse
Affected versions of npm package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
GHSA-HJ48-42VR-X3V9 Regular Expression Denial of Service in path-parse
Affected versions of npm package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
CVE-2021-23419 Prototype Pollution
This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...
CVE-2021-23419
Open-Graph (node-open-graph) prior to 0.2.6 is vulnerable to prototype pollution via the parse function, which can be tricked into adding or modifying properties on Object.prototype using a __proto__ or constructor payload. This can lead to unintended behavior or security issues. Remediation: upgrade...
node-open-graph security vulnerability
node-open-graph is the open source Node.js implementation of Open Graph. node-open-graph versions prior to 0.2.6 have a security vulnerability that an attacker could exploit by using a __proto__ or constructor payload to trick the parse function into adding or modifying properties of Object.prototype...
PT-2021-15507 · Unknown · Open-Graph
Name of the Vulnerable Software and Affected Versions: open-graph versions prior to 0.2.6 Description: The issue affects the parse function, which can be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload. This could potentially lead to unintended...
php: Use of freed hash key in the phar_parse_zipfile function
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure...
CVE-2021-3664
An input validation flaw was found in the nodejs url-parse library, which incorrectly parses a URL that contains backslashes. This flaw allows an attacker to specify a relative URL and cause the browser to redirect to a malicious website. The highest threat from this vulnerability is to integrity...
SUSE: Security Advisory (SUSE-SU-2021:2555-1)
The remote host is missing an update for the...
DEBIAN-CVE-2021-25801
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file...
UBUNTU-CVE-2021-25801
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file...
CVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site...
DEBIAN-CVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site...
UBUNTU-CVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site...
CVE-2021-3664 Open Redirect in unshiftio/url-parse
url-parse is vulnerable to URL Redirection to Untrusted Site...
PT-2021-21304 · Npm +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse affected versions not specified Description: The issue concerns URL redirection to untrusted sites. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or othe...
VideoLAN VLC Media Player buffer error vulnerability
VideoLAN VLC is an open source cross-platform multimedia player and framework that can play most multimedia files, as well as DVDs, audio CDs, VCDs and various streaming protocols. The __Parse_indx component in VideoLAN VLC version 3.0.11 suffers from a buffer overflow vulnerability that can be...