18 matches found
CLSA-2026-1776430169 libarchive: Fix of CVE-2026-5745
CVE-2026-5745: fix NULL pointer dereference in ACL parsing in archive_acl_from_text_w...
CVE-2026-30830
Summary of technical details (Defuddle CVE-2026-30830): The vulnerability arises in the findContentBySchemaText path of Defuddle (src/defuddle.ts) where image src and alt attributes are interpolated into HTML via a string template without escaping. If the image’s alt attribute contains a quotatio...
CVE-2026-27692
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release when strlen reads past a heap buffer while parsing ICC profile XML text description tags,...
EUVD-2026-8641
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release when strlen reads past a heap buffer while parsing ICC profile XML text description tags,...
Azure Linux 3.0 Security Update: multus (CVE-2020-28852)
The version of multus installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28852 advisory. - In x/text in Go before v0.3.5, a slice bounds out of range panic occurs in language.ParseAcceptLanguage whil...
CVE-2020-26306
Knwl.js (JavaScript) versions 1.0.2 and earlier are vulnerable to Regular Expression Denial of Service (ReDoS) due to inefficient regular expressions. No patches were available at the time of publication. The issue affects text parsing of dates, times, phone numbers, emails, and locations; exploi...
PT-2024-10796 · Knwl.Js · Knwl.Js
Name of the Vulnerable Software and Affected Versions: Knwl.js versions 1.0.2 and prior. Description: The issue concerns a Regular Expression Denial of Service (ReDoS) in the Knwl.js library, which is used for parsing text to extract information such as dates, times, phone numbers, and more. No...
CVE-2024-20848
Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory...
DEBIAN-CVE-2020-28852
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. x/text/language is supposed to be able to parse an HTTP Accept-Language header...
CVE-2019-8761
CVE-2019-8761 affects macOS Catalina (and related Security Updates). A vulnerability arises from parsing a maliciously crafted text file, potentially leading to disclosure of user information. The issue has been fixed in macOS Catalina 10.15.1 and Security Updates 2019-001 and 2019-006. Affected ...
Adobe Acrobat Pro DC XPS PNG tEXT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
WolfSSL library X509 Certificate Text Parsing Code Execution Vulnerability (CVE-2017-2800)
Summary: An exploitable off-by-one write vulnerability exists in the x509 certificate parsing functionality of wolfSSL library versions up to 3.10.2. A specially crafted x509 certificate can cause a single out of bounds byte overwrite resulting in potential certificate validation vulnerabilities,...
Apple OS X Notes Cross-Site Scripting Vulnerability
Apple OS X is an operating system developed by Apple Inc. A cross-site scripting issue exists in the parsing of text by the Apple OS X Notes application, which allows local users to exploit a vulnerability to obtain sensitive user information...
[DomainHostingView] Show domain hosting information
DomainHostingView is a utility for Windows that collects extensive information about a domain by using a series of DNS and WHOIS queries, and generates an HTML report that can be displayed in any Web browser. The information displayed by the report of DomainHostingView includes: the hosting company ...
ruby: entity expansion DoS vulnerability in REXML
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack...
chasen library buffer overflow
Buffer overflow on text string parsing...
Microsoft Patches Worm Holes in Mail Server, Visual Basic for Apps
Microsoft today issued patches for a pair of critical remote code execution vulnerabilities in Windows and Microsoft Office and urged affected users to apply the fixes as soon as possible. The most serious issue, addressed in the MS10-030 bulletin, affects Outlook Express, Windows Mail and Window...
GLSA-200712-08 : AMD64 x86 emulation Qt library: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200712-08 (AMD64 x86 emulation Qt library: Multiple vulnerabilities). The Qt versions used by the AMD64 x86 emulation Qt libraries were vulnerable to several flaws (GLSA 200708-16, GLSA 200710-28). Impact: An attacker could trigger one...