Lucene search

6926 matches found

OSV
added 2020/07/01 12:0 a.m. | 1 views

UBUNTU-CVE-2020-12425

Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...

6.5 CVSS | 7 AI score | 0.01362 EPSS
Exploits 0 | References 5

OSV
added 2020/06/30 12:0 a.m. | 11 views

OSV-2020-279 Global-buffer-overflow in lex_multiline_string

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18562 Crash type: Global-buffer-overflow READ 3 Crash state: lex_multiline_string lexnext parsekeyvalue...

7.2 AI score
Exploits 0 | References 1

OSV
added 2020/06/28 1:15 p.m. | 2 views

CVE-2020-15365

LibRaw before 0.20-Beta3 has an out-of-bounds write in parseexif in metadata\exifgps.cpp via an unrecognized AtomName and a zero value of tiffnifds...

6.5 CVSS | 6.6 AI score | 0.01326 EPSS
Exploits 1 | References 2

OSV
added 2020/06/28 1:15 p.m. | 1 views

UBUNTU-CVE-2020-15365

LibRaw before 0.20-Beta3 has an out-of-bounds write in parseexif in metadata\exifgps.cpp via an unrecognized AtomName and a zero value of tiffnifds...

6.5 CVSS | 6.6 AI score | 0.01326 EPSS
Exploits 1 | References 5

BDU FSTEC
added 2020/06/26 12:0 a.m. | 2 views

The vulnerability of the parse function in the .ini parsing library .ini-parser, a package manager in NPM, allows a hacker to execute arbitrary code.

The vulnerability of the parse function in the .ini parsing library “ini-parser” from the NPM package is due to an uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

4.4 CVSS | 8.1 AI score | 0.00864 EPSS
Exploits 0 | References 4 | Affected Software 1

OSV
added 2020/06/24 1:51 a.m. | 17 views

OSV-2020-146 Heap-buffer-overflow in Json::OurReader::parse

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21916 Crash type: Heap-buffer-overflow READ 1 Crash state: Json::OurReader::parse Json::OurCharReader::parse fuzz.cpp...

7.2 AI score
Exploits 0 | References 1

BDU FSTEC
added 2020/06/22 12:0 a.m. | 4 views

The vulnerability of the dlpar_parse_cc_property function (arch/powerpc/platforms/pseries/dlpar.c) in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the dlpar_parse_cc_property function (arch/powerpc/platforms/pseries/dlpar.c) in the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

4.7 CVSS | 6.4 AI score | 0.00623 EPSS
Exploits 0 | References 42 | Affected Software 6

ossfuzz
added 2020/06/20 3:56 a.m. | 24 views

monero:load-from-json_fuzz_tests: Global-buffer-overflow in epee::misc_utils::parse::match_string2

Project: https://github.com/monero-project/monero.git Detailed Report: https://oss-fuzz.com/testcase?key=5096090558005248 Project: monero Fuzzing Engine: libFuzzer Fuzz Target: load-from-json_fuzz_tests Job Type: libfuzzerasanmonero Platform Id: linux Crash Type: Global-buffer-overflow READ 1 Crash...

6.8 AI score
Exploits 0 | Affected Software 1

vulnersOsv
added 2020/06/15 6:51 p.m. | 2 views

ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0), ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0) +5847 more potentially affected by CVE-2012-0881 via xerces:xercesImpl (>=2.10.0 <=2.11.0)

xerces:xercesImpl MAVEN version =2.10.0, =1.0.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =0.2, =5.0.9, =5.1.3 and more Source cves: CVE-2012-0881 Source advisory: OSV:GHSA-VMQM-G3VH-847M...

7.8 CVSS | 7.2 AI score | 0.17125 EPSS
Exploits 0

OSV
added 2020/06/11 3:15 p.m. | 1 views

CVE-2020-0171

In Parselart of easmdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-127313223...

6.5 CVSS | 7 AI score | 0.00762 EPSS
Exploits 0 | References 1

OSV
added 2020/06/11 12:0 a.m. | 2 views

UBUNTU-CVE-2020-11937

In whoopsie, parsereport from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1...

5.5 CVSS | 6 AI score | 0.00468 EPSS
Exploits 1 | References 4

Github Security Blog
added 2020/06/10 8:27 p.m. | 37 views

Prototype Pollution in ini-parser

All versions of ini-parser are vulnerable to prototype pollution. The parse function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently available. Conside...

9.8 CVSS | 5.6 AI score | 0.00864 EPSS
Exploits 0 | References 5 | Affected Software 1

OSV
added 2020/06/10 8:27 p.m. | 0 views

GHSA-96R7-MRQF-JHCC Prototype Pollution in ini-parser

All versions of ini-parser are vulnerable to prototype pollution. The parse function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently available. Conside...

9.8 CVSS | 5.9 AI score | 0.00864 EPSS
Exploits 0 | References 4

RedhatCVE
added 2020/06/09 2:55 p.m. | 36 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

5 CVSS | 7.5 AI score | 0.04447 EPSS
Exploits 1 | References 3

NVD
added 2020/06/06 4:15 p.m. | 18 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

7.5 CVSS | 7.6 AI score | 0.04447 EPSS
Exploits 1 | References 10

UbuntuCve
added 2020/06/06 4:15 p.m. | 28 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

7.5 CVSS | 6.9 AI score | 0.04447 EPSS
Exploits 1 | References 4

Prion
added 2020/06/06 4:15 p.m. | 21 views

Design/Logic Flaw

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

5 CVSS | 7.4 AI score | 0.04447 EPSS
Exploits 1 | References 10 | Affected Software 10

CVE
added 2020/06/06 3:37 p.m. | 347 views

CVE-2020-13871

SQLite 3.32.2 is affected by a use-after-free in resetAccumulator (select.c) due to a late parse tree rewrite for window functions. Impact could include a crash or arbitrary code execution. Remediation: upgrade to SQLite 3.32.3 or later (fix upstream).

7.5 CVSS | 7.4 AI score | 0.04447 EPSS
Exploits 1 | References 10 | Affected Software 1

Cvelist
added 2020/06/06 3:37 p.m. | 41 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

7.5 AI score | 0.04447 EPSS
Exploits 1 | References 10

Debian CVE
added 2020/06/06 3:37 p.m. | 43 views

CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late...

7.5 CVSS | 7.6 AI score | 0.04447 EPSS
Exploits 1