182 matches found
PT-2025-6687
Name of the Vulnerable Software and Affected Versions grub2 affected versions not specified Description A flaw in the JPEG parser allows a specially crafted JPEG file to cause incorrect bounds checking of internal buffers, leading to an out-of-bounds write. This condition could potentially allow ...
CVE-2025-22604
Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ssnetsnmpdiskio or ssnetsnmpdiskbytes, a part of each OID will be used as a key in an array that is...
CVE-2024-11237
A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3vT TTV6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be...
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...
Medium: python38
Issue Overview: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which...
DEBIAN-CVE-2024-36474
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-boun...
ruby: ReDoS vulnerability in URI
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...
JSON-java: parser confusion leads to OOM
A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service DoS...
CVE-2023-6247
The PKCS7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing...
AZL-34560 CVE-2023-4408 affecting package bind for versions less than 9.19.21-1
The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects bot...
snakeyaml: Denial of Service due to missing nested depth limitation for collections
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...
CVE-2024-23904
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...
VulnCheck KEV: CVE-2012-1461
The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus...
The vulnerability of the MXF-file parsers of the Gstreamer multimedia framework allows a hacker to execute arbitrary code.
The vulnerability of Gstreamer’s MXF files parser is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
GStreamer Security Vulnerability
GStreamer is a set of frameworks for processing streaming media. A security vulnerability exists in GStreamer versions prior to 1.22.7, which stems from a heap-based buffer overflow vulnerability in the AV1 codec parser when processing certain malformed streams, which can be exploited by an...
CVE-2023-44464
pretix before 2023.7.2 allows Pillow to parse EPS files...
UBUNTU-CVE-2023-28428
PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue ...
DEBIAN-CVE-2023-20052
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...