
6926 matches found

Positive Technologies
added 2021/04/18 12:0 a.m. · 7 views

PT-2022-2220

Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.10.0b1; Python versions prior to 3.9.5; Python versions prior to 3.8.11; Python versions prior to 3.7.11; Python versions prior to 3.6.14. Description: The issue involves the urllib.parse module in Python, which does not...

10 CVSS · 8.7 AI score · 0.9947 EPSS
Exploits 156 · References 425
OSV
added 2021/04/16 6:15 p.m. · 2 views

DEBIAN-CVE-2021-31348

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure)...

6.5 CVSS · 6.3 AI score · 0.01095 EPSS
Exploits 1 · References 1
OSV
added 2021/04/13 7:15 p.m. · 2 views

CVE-2021-0427

In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

7.8 CVSS · 6.2 AI score · 0.00125 EPSS
Exploits 0 · References 1
OSV
added 2021/04/07 11:2 a.m. · 3 views

OESA-2021-1125 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

5.9 CVSS · 6.4 AI score · 0.37325 EPSS
Exploits 1 · References 2
OSV
added 2021/04/06 1:15 p.m. · 1 views

CVE-2021-27698

RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options function...

9.8 CVSS · 7.6 AI score · 0.01236 EPSS
Exploits 0 · References 1
CNNVD
added 2021/04/06 12:0 a.m. · 3 views

RIOT RIOT-OS security vulnerability

RIOT is a real-time multi-threaded IoT operating system that supports a range of devices commonly found in the Internet of Things. A buffer overflow vulnerability exists in the _parse_options function in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c in RIOT version 2021.01. No detailed...

9.8 CVSS · 5.9 AI score · 0.01236 EPSS
Exploits 0 · References 2
Positive Technologies
added 2021/04/05 12:0 a.m. · 2 views

PT-2021-8037 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the validation of UDP retransmission in the Linux kernel's NFS module. Specifically, it concerns the xprt_calc_majortimeo function, where a shift out-of-bounds...

7.1 CVSS · 8.3 AI score · 0.00281 EPSS
Exploits 0 · References 18
OSV
added 2021/04/01 5:15 a.m. · 3 views

CVE-2021-29932

An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 1
Veracode
added 2021/03/31 2:55 a.m. · 10 views

Remote Code Execution (RCE)

@thi.ng/egf is vulnerable to remote code execution. The vulnerability exists due to EGF parse function attempting to decrypt values...

8.8 CVSS · 5.5 AI score · 0.01339 EPSS
Exploits 0 · References 5 · Affected Software 1
Prion
added 2021/03/30 6:15 p.m. · 20 views

Design/Logic Flaw

Potential for arbitrary code execution in npm package @thi.ng/egf gpg-tagged property values (only if the decrypt: true option is enabled). A PR with the patch has been submitted and has been released as of v0.4.0. By default the EGF parse functions do NOT attempt to decrypt values since GPG only availab...

6.5 CVSS · 9 AI score · 0.01339 EPSS
Exploits 0 · References 4 · Affected Software 1
vulnersOsv
added 2021/03/29 9:32 p.m. · 3 views

7ghost (>=4.11.0 <=4.11.46), @0x18b2ee/parse-server (>=3.10.1 <=3.11.0) +2864 more potentially affected by CVE-2021-28918 +1 more via netmask (>=0.0.2 <=1.0.6)

netmask NPM version =0.0.2, =4.11.0, =3.10.1, =0.1.0, =0.1.0, =1.6.1, =0.0.1, =2.0.0, =0.0.9, =0.0.175, =0.0.81, =2.0.0, =0.9.17, =1.0.5 and more Source cves: CVE-2021-28918, CVE-2021-29418 Source advisory: OSV:GHSA-PCH5-WHG9-QR2R...

9.1 CVSS · 6.9 AI score · 0.16356 EPSS
Exploits 1
OSV
added 2021/03/23 8:15 p.m. · 1 views

DEBIAN-CVE-2020-24994

Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file...

8.8 CVSS · 8.3 AI score · 0.02628 EPSS
Exploits 0 · References 1
OSV
added 2021/03/23 8:15 p.m. · 0 views

UBUNTU-CVE-2020-24994

Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file...

8.8 CVSS · 7.7 AI score · 0.02628 EPSS
Exploits 0 · References 6
BDU FSTEC
added 2021/03/21 12:0 a.m. · 1 views

The vulnerability in the `dns_parse_callback` function in the `network/lookup_name.c` library for the C language, used in Linux-based embedded operating systems, allows an attacker to cause a service failure.

The vulnerability of the dns_parse_callback function in the network/lookup_name.c library for the C language, used in Linux-based operating systems, relates to the lack of restrictions on the number of addresses that can be entered. Exploiting this vulnerability could allow a remote attacker to caus...

7.5 CVSS · 7.2 AI score · 0.02015 EPSS
Exploits 0 · References 6 · Affected Software 2
RedhatCVE
added 2021/03/20 11:54 p.m. · 46 views

CVE-2019-9636

It was discovered that Python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name specifically the netloc component of URL - user@domain:port bei...

9.8 CVSS · 2.5 AI score · 0.08811 EPSS
Exploits 0 · References 3
RedhatCVE
added 2021/03/19 5:52 a.m. · 30 views

CVE-2018-3774

A flaw was found in nodejs-url-parse. The wrong hostname can be returned, due to incorrect parsing, which can lead to a variety of vulnerabilities. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

10 CVSS · 3.6 AI score · 0.03805 EPSS
Exploits 0 · References 2
vulnersOsv
added 2021/03/18 7:39 p.m. · 1 views

@amoy/query-components (>=1.0.0 <=1.0.8), @cortezaproject/corteza-ext-renderer (>=2020.3.0 <=2020.12.0) +46 more potentially affected by CVE-2021-23346 via html-parse-stringify (>=1.0.1 <=1.0.3)

html-parse-stringify NPM version =1.0.1, =1.0.0, =2020.3.0, =2020.3.0-rc.8, =0.3.0, =4.0.0, =2.0.7, =4.0.22, =3.0.4, =14.10.3, =1.0.0, =1.0.0, =6.9.17, =1.0.0, =3.0.0-rc.2 and more Source cves: CVE-2021-23346 Source advisory: OSV:GHSA-545Q-3FG6-48M7...

5.3 CVSS · 6.7 AI score · 0.02217 EPSS
Exploits 1
vulnersOsv
added 2021/03/18 7:39 p.m. · 2 views

4talent-questions-shortlist (=1.3.3), @42.nl/ui (>=1.0.7 <=1.0.9) +635 more potentially affected by CVE-2021-23346 via html-parse-stringify2 (>=1.2.1 <=2.0.1)

html-parse-stringify2 NPM version =1.2.1, =1.0.7, =5.0.1, =0.1.0, =1.0.0, =0.2.0-alpha.1, =0.1.2, =0.9.9, =0.9.9, =6.3.0, =3.6.0, =0.3.1, =0.1.0, =0.3.0 and more Source cves: CVE-2021-23346 Source advisory: OSV:GHSA-545Q-3FG6-48M7...

5.3 CVSS · 6.6 AI score · 0.02217 EPSS
Exploits 1
GitHub Security Blog
added 2021/03/18 7:39 p.m. · 61 views

html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

5.3 CVSS · 5.8 AI score · 0.02217 EPSS
Exploits 1 · References 9 · Affected Software 2
OSV
added 2021/03/18 7:39 p.m. · 0 views

GHSA-545Q-3FG6-48M7 html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

5.3 CVSS · 5.9 AI score · 0.02217 EPSS
Exploits 1 · References 8