165 matches found
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
libexpat: expat: DoS via XML_ResumeParser
A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service...
BIT-NODE-MIN-2022-32215
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS)...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-2825)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field,...
RHEL 6 : openstack-nova (RHSA-2013:1199)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1199 advisory. The openstack-nova packages provide OpenStack Compute Nova, which provides services for provisioning, managing, and using virtual machine...
AZL-51684 CVE-2024-50602 affecting package expat for versions less than 2.6.3-2
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser...
GHSA-P28X-HJ68-7VFP Ryu Infinite Loop vulnerability
An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop)...
SUSE-SU-2024:0595-1 Security update for python310
This update for python310 fixes the following issues: - CVE-2023-27043: Fixed incorrect parsing of e-mail addresses which contain a special character (bsc#1210638)...
CVE-2023-34868
Jerryscript 3.0 commit 05dbbd1 was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c...
PT-2023-25040 · Unknown · Jerryscript
Name of the Vulnerable Software and Affected Versions: Jerryscript version 3.0 commit 05dbbd1 Description: The issue is related to an Assertion Failure in the parser parse for statement start function at jerry-core/parser/js/js-parser-statm.c. This failure can occur due to a problem in the parsin...
The vulnerability of the XML_ExternalEntityParserCreate function in the XML syntax analyzer library libexpat allows an attacker to cause a service failure.
The vulnerability of the XML_ExternalEntityParserCreate function in the XML syntax analyzer library libexpat is related to the possibility of being exploited after release. Exploiting this vulnerability could allow a malicious actor to cause service failures...
CVE-2023-22916
The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50W firmware versions 5.10 through 5.35, USG20W-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails ...
PT-2023-8181 · Zyxel · Zyxel Usg Flex Series +4
Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions 5.10 through 5.35 Zyxel USG FLEX series versions 5.00 through 5.35 Zyxel USG FLEX 50W versions 5.10 through 5.35 Zyxel USG20W-VPN versions 5.10 through 5.35 Zyxel VPN series versions 5.00 through 5.35 Description: Th...
Jenkins Plugins Visual Studio Code Metrics Code Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Plugins A securit...
PT-2023-21713 · Pdfio +1 · Pdfio +1
Name of the Vulnerable Software and Affected Versions: PDFio versions 1.1.0 and prior Description: A denial of service issue exists in the pdfio parser, where crafted PDF files can cause the program to run at 100% utilization and never terminate. Recommendations: For PDFio versions 1.1.0 and prio...
CVE-2023-26479 org.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions
XWiki Platform is a generic wiki platform. Starting in version 6.0, users with write rights can insert well-formed content that is not handled well by the parser. As a consequence, some pages become unusable, including the user index if the page containing the faulty content is a user page and t...
SUSE CVE-2017-15705
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly, leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we set up an object and...
CVE-2022-31743
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox 101...