CVE-2020-8124
Insufficient validation and sanitization of user input in url-parse npm package version 1.4.4 and earlier may allow an attacker to bypass security checks...
UBUNTU-CVE-2020-8124
Insufficient validation and sanitization of user input in url-parse npm package version 1.4.4 and earlier may allow an attacker to bypass security checks...
CVE-2020-8124
CVE-2020-8124 refers to a vulnerability in the url-parse npm package (versions
PT-2020-19961 · Npm +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions 1.4.4 and earlier Description: The issue is related to insufficient validation and sanitization of user input in the url-parse npm package, which may allow an attacker to bypass security checks. Recommendations: For version...
Cross-Site Scripting (XSS)
url-parse is vulnerable to cross-site scripting (XSS). The vulnerability exists as the unsanitized value of address in index.js could be used to bypass validation checks when used in the browser...
Fedora: Security Advisory for podofo (FEDORA-2020-dd79b615cd)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 31 Update: podofo-0.9.6-9.fc31
PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF (Portable Document Format). A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1549)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
A flaw was found in the mwifiex implementation in the Linux kernel. A system connecting to a wireless access point could be manipulated by an attacker with advanced permissions on the access point into localized memory corruption or possibly privilege escalation...
The vulnerability of the XML_PARSE_HUGE configuration in the console-based ImageMagick graphics editor allows an attacker to trigger a service failure.
The vulnerability of the XML_PARSE_HUGE configuration in the console-based ImageMagick graphics editor is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker to cause service failures remotely...
The vulnerability of the predicate_parse() function in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux operating system is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
Denial Of Service (DoS)
libsass.so is vulnerable to a buffer over-read. When an attacker passes a malicious argument, it causes a parse error in parse_ie_keyword_arg, leading to the argument kwd_arg to be unfreed and a buffer over-read...
CVE-2020-2092
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
CVE-2020-6836
grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...
ROS communications-related packages input validation error vulnerability
ROS communications-related packages is a package related to ROS (Robot Operating System) communications. An input validation error vulnerability exists in parseOptions in the tools/rosbag/src/record.cpp file in ROS communications-related packages version 1.14.3 and earlier. The vulnerability stems...
DEBIAN-CVE-2019-20201
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur...
DEBIAN-CVE-2019-20162
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c...
UBUNTU-CVE-2019-20160
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1_parse_tile_group() in media_tools/av_parsers.c...