2206 matches found
A vulnerability in the DWF file parser of the Autodesk Design Review software allows an attacker to execute arbitrary code.
The vulnerability in the DWF file parser of the Autodesk Design Review software is a use of memory after it has been freed (use-after-free). Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
A vulnerability in the TGA file parser of the Autodesk Design Review software allows an attacker to execute arbitrary code.
The vulnerability in the TGA file parser of the Autodesk Design Review software is caused by reading data beyond buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
A vulnerability in the PDF file parser of the Autodesk Design Review software allows an attacker to execute arbitrary code.
The vulnerability in the PDF file parser of the Autodesk Design Review software is caused by data type conversion errors. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
A vulnerability in the TIF file parser of the Autodesk Design Review software allows an attacker to execute arbitrary code.
The vulnerability in the TIF file parser of the Autodesk Design Review software is caused by writing data beyond buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
A vulnerability in the dynamic-link library jutil.dll of the Siemens Solid Edge design and simulation tools allows an attacker to execute arbitrary code.
The vulnerability in the dynamic-link library jutil.dll, which is part of the Siemens Solid Edge design and simulation tools, is caused by writing beyond buffer boundaries in memory while parsing DFT files. Exploiting this vulnerability could allow an attacker to execute arbitrary cod...
A vulnerability in the mysql-wsrep component of the MariaDB database is caused by errors in processing input data during parsing. It allows attackers to gain access to confidential data, compromise its integrity, and cause a denial of service.
The vulnerability in the mysql-wsrep component of the MariaDB database is caused by errors in processing input data while parsing code. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service...
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2021-2054)
The remote host is missing an update for the Huawei EulerOS...
CVE-2021-32723
Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted user-given text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fix...
Design/Logic Flaw
Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted user-given text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fix...
CVE-2021-32723
PrismJS Prism before v1.24.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when highlighting untrusted text. Specifically, AsciiDoc and ERB are susceptible to crafted input that can cause excessive highlighting time; other languages are not affected. The vulnerability has been fix...
Mermaid Cross-Site Scripting Vulnerability
Mermaid is a JavaScript-based drawing tool that uses a Markdown-like syntax to allow users to easily and quickly create diagrams from code. A cross-site scripting vulnerability exists in versions of Mermaid prior to 8.11.0 when using antiscript features. No details of the vulnerability are current...
A vulnerability in Paint 3D, an application for 3D modeling and printing, is caused by operations performed beyond buffer boundaries in memory and allows an attacker to execute arbitrary code.
The vulnerability in Paint 3D, an application for 3D modeling and printing, is caused by operations performed beyond buffer boundaries in memory while parsing GLB and STL files. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created...
Cross-site Scripting in wagtail
Impact: When the {% include_block %} template tag is used to output the value of a plain-text StreamField block (CharBlock, TextBlock or a similar user-defined block derived from FieldBlock), and that block does not specify a template for rendering, the tag output is not properly escaped as HTML. This...
A vulnerability in the uglify-js library in the Aurora application software allows an attacker to execute arbitrary code by exploiting syntax-checking errors in input data.
The vulnerability in the uglify-js library in the Aurora application software is caused by syntax-checking errors in input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially crafted JavaScript...
in mcfriend99/bird
Description: Heap-based 1-byte write violation. Certain programs can cause the parser/syntax-checker to write out of bounds. The below program writes a single byte out of bounds. Proof of Concept program: var a = 'outer' def test var a = 'inner' echo 'It works! $a' echo a echo test test def...
Oracle Linux 8 : raptor2 (ELSA-2021-1842)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1842 advisory. - Resolves: rhbz1900904 CVE-2020-25713 raptor2: malformed input file can lead to a segfault - Resolves: rhbz1896534 CVE-2017-18926 raptor: heap-based...
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2021-1887)
The remote host is missing an update for the Huawei EulerOS...
raptor: heap-based buffer overflows due to an error in calculating the maximum nspace declarations for the XML writer
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml)...