170 matches found
PT-2024-29903 · Unknown +1 · Matrix-Js-Sdk +1
Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 34.3.1. Description: A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The getRoomUpgradeHistory function will infinitely recurse in this case, causing the code t...
CVE-2024-38375 @fastly/js-compute use-after-free in some host call implementations
@fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions was determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and...
GHSA-WCHX-RM6H-7JF6 Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability...
CVE-2024-30054 Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
...
CVE-2024-30054
CVE-2024-30054 concerns the Microsoft.PowerBI.JavaScript NuGet package, specifically versions prior to 2.23.1, which are vulnerable to an information disclosure via user interaction. The Nessus plugin cites a
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
...
PT-2024-3751
Name of the Vulnerable Software and Affected Versions: Microsoft Power BI Client JavaScript SDK (affected versions not specified). Description: The issue is related to insufficient input validation in the Power BI client JS SDK, which can be exploited by a remote attacker to gain unauthorized access...
CVE-2024-30253 Handling untrusted input can result in a crash, leading to loss of availability / denial of service
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with @solana/web3.js will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a...
CVE-2024-30253
The CVE concerns @solana/web3.js (Solana JavaScript SDK). Certain inputs can trigger memory exhaustion (OOM), causing an application or service to crash and potentially lose availability. Affected releases are numerous; remediation is to upgrade to the fixed versions listed in the advisory (examp...
BIT-PARSE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
CVE-2023-50249 Sentry's Astro SDK vulnerable to ReDoS
Sentry-Javascript is the official set of Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading...
CVE-2023-46729 Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint
sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has bee...
GHSA-9PRM-JQWX-45X9 Phishing attack vulnerability by uploading malicious HTML file
Impact: Phishing attack vulnerability by uploading malicious files. A malicious user could upload an HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the uploaded HTML could be shared for...
Phishing attack vulnerability by uploading malicious HTML file
Impact: Phishing attack vulnerability by uploading malicious files. A malicious user could upload an HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the uploaded HTML could be shared for...
CVE-2023-32689
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
Design/Logic Flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
CVE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...