21 matches found
BIT-PARSE-2026-33429 Parse Server: Protected field change detection oracle via LiveQuery watch parameter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.54 and 9.6.0, an attacker can subscribe to LiveQuery with a watch parameter targeting a protected field. Although the protected field value is properly stripped from event...
CVE-2026-33429
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.54 and 9.6.0-alpha.43, an attacker can subscribe to LiveQuery with a watch parameter targeting a protected field. Although the protected field value is properly stripped...
CVE-2026-33429
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.54 and 9.6.0-alpha.43, an attacker can subscribe to LiveQuery with a watch parameter targeting a protected field. Although the protected field value is properly stripped...
CVE-2026-33429
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.54 and 9.6.0-alpha.43, an attacker can subscribe to LiveQuery with a watch parameter targeting a protected field. Although the protected field value is properly stripped...
CVE-2026-33429 Parse Server: Protected field change detection oracle via LiveQuery watch parameter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.54 and 9.6.0-alpha.43, an attacker can subscribe to LiveQuery with a watch parameter targeting a protected field. Although the protected field value is properly stripped...
CVE-2026-33429
Parse Server exposes a protected-field information leak via LiveQuery watch parameter. Prior to versions 8.6.54 and 9.6.0-alpha.43, an attacker can subscribe with watch targeting a protected field; while the field value is stripped from payloads, the presence or absence of update events creates a...
CVE-2026-33429 Parse Server: Protected field change detection oracle via LiveQuery watch parameter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.54 and 9.6.0-alpha.43, an attacker can subscribe to LiveQuery with a watch parameter targeting a protected field. Although the protected field value is properly stripped...
CVE-2022-25650
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.27, Mendix Applications using Mendix 8 All versions V8.18.14, Mendix Applications using Mendix 9 All versions V9.12.0, Mendix Applications using Mendix 9 V9.6 All versions V9.6.3. When querying the...
Null pointer dereference
jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...
Parsing JSON serialized payload without protected field can lead to segfault
Summary Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. Details This seems to also affect other functions that calls Parse internally, like jws.Verify. My understanding of these functions from t...
PT-2024-19006 · Jwx · Jwx
Name of the Vulnerable Software and Affected Versions: jwx versions prior to 1.2.28 jwx versions prior to 2.0.19 Description: The issue arises when calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent, leading to a nil pointer dereference...
CVE-2022-25650
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.27, Mendix Applications using Mendix 8 All versions V8.18.14, Mendix Applications using Mendix 9 All versions V9.12.0, Mendix Applications using Mendix 9 V9.6 All versions V9.6.3. When querying the...
CVE-2022-25650
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.27, Mendix Applications using Mendix 8 All versions V8.18.14, Mendix Applications using Mendix 9 All versions V9.12.0, Mendix Applications using Mendix 9 V9.6 All versions V9.6.3. When querying the...
CVE-2022-25650
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.27, Mendix Applications using Mendix 8 All versions V8.18.14, Mendix Applications using Mendix 9 All versions V9.12.0, Mendix Applications using Mendix 9 V9.6 All versions V9.6.3. When querying the...
Design/Logic Flaw
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.27, Mendix Applications using Mendix 8 All versions V8.18.14, Mendix Applications using Mendix 9 All versions V9.12.0, Mendix Applications using Mendix 9 V9.6 All versions V9.6.3. When querying the...
PT-2022-3547 · Mendix · Mendix
Name of the Vulnerable Software and Affected Versions: Mendix Applications using Mendix 7 versions prior to 7.23.27 Mendix Applications using Mendix 8 versions prior to 8.18.14 Mendix Applications using Mendix 9 versions prior to 9.12.0 Mendix Applications using Mendix 9 V9.6 versions prior to...
Siemens Mendix 安全漏洞
Mendix is a high-productivity application platform that enables you to build and continuously improve mobile and large-scale Web applications. Siemens Mendix is vulnerable to an access control error that could be exploited by an attacker to extract information about the content of protected field...
OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3194-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3194-1 advisory. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly...
OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...