6926 matches found
CVE-2021-32613
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS...
CVE-2021-32613
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS...
Double free
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS...
CVE-2021-32613
Radare2 (affected up to version 5.3.0) contains a double-free vulnerability in the pyc parser triggered by a crafted file, which can lead to a denial of service. The issue has been addressed upstream with a fix in version 5.3.1 (per security advisories and patch notes from multiple sources). If u...
CVE-2021-32613
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS...
CVE-2021-32613
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS...
Debian: Security Advisory (DLA-2656-1)
The remote host is missing an update for the Debian...
OS Command Injection
git-parse is vulnerable to OS command injection. Untrusted input in gitDiff is passed into an exec function without validation, allowing an attacker to execute arbitrary OS commands on the host OS...
GHSA-F98M-Q3HR-P5WQ Prototype Pollution in locutus
All versions of package locutus prior to version 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parse_str function...
GHSA-C7M7-4257-H698 Prototype Pollution in templ8
All versions of package templ8 up to and including 0.0.44 are vulnerable to Prototype Pollution via the parse function...
Prototype Pollution in templ8
All versions of package templ8 up to and including 0.0.44 are vulnerable to Prototype Pollution via the parse function...
Path traversal
Overview: url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. Recommendation: Upgrade to version 1.5.0 or later. References: CVE, GitHub Advisory...
Withdrawn: Arbitrary Code Execution in static-eval
All versions of package static-eval are vulnerable to Arbitrary Code Execution using FunctionExpressions and TemplateLiterals. PoC: var evaluate = require('static-eval'); var parse = require('esprima').parse; var src="function x return...
0x-relayer-cat (>=0.0.3 <=0.0.10), @0x-klaytn/asset-swapper (>=4.2.1 <=4.2.2) +4508 more potentially affected by CVE-2021-27515 via url-parse (>=0.1.5 <=1.4.7)
url-parse NPM version =0.1.5, =0.0.3, =4.2.1, =2.1.0-beta.4, =5.0.0-beta, =0.1.0-beta.2, =0.0.1, =0.0.31, =0.0.1, =1.0.2, =0.1.0, =0.1.0, =1.6.1, =0.2.0, =1.0.3, =2.1.1 and more Source cves: CVE-2021-27515 Source advisory: OSV:GHSA-9M6J-FCG5-2442...
GHSA-9M6J-FCG5-2442 Path traversal in url-parse
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...
Path traversal in url-parse
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...
CVE-2021-26543
The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5...
CVE-2021-26543
The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5...
DEBIAN-CVE-2020-28016
Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase...
Command injection
The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5...