GHSA-7CX5-254X-CGRQ Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Impact: The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Parse Server permits any client to execute explain queries without requiring the master key. This exposes: - Database schema...
CVE-2025-64502
Parse Server vulnerability CVE-2025-64502 arises from public explain() queries being allowed before the 8.5.0-alpha.5 release. The MongoDB Explain() output can reveal database schema, field names, index configurations, query optimization details, and execution statistics, which could aid targeted...
SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
When verifying signatures with X509 certificate validation turned off and an HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)), prior versions of SignXML are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature...
SUSE-SU-2023:3888-1 Security update for Golang Prometheus
This update for Golang Prometheus fixes the following issues: golang-github-prometheus-alertmanager: - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. bsc1213880 There are ...
SUSE-SU-2023:3867-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Security issues fixed: CVE-2022-32149: Fix denial of service vulnerability bsc1204501 CVE-2022-41723: Fix uncontrolled resource consumption bsc1208270 CVE-2022-46146: Fix authentication bypass vulnerability...
SUSE-SU-2023:3861-1 Security update for SUSE Manager Server 4.3
This update fixes the following issues: billing-data-service: - Version 0.3-1 Add required dependencies to package and service Change billing api datastructure Require csp-billing-adapter service cobbler: - Fix EFI PXE boot regression bsc1214124 - Fix isolinux.cfg generation in 'cobbler buildiso'...
SUSE-SU-2023:3474-1 Recommended update for SUSE Manager Server 4.2
This update fixes the following issues: hub-xmlrpc-api: - Security fix: CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. bsc1213880 + There are no direct source changes. The...
SUSE-SU-2023:3263-1 Security update for go1.19
This update for go1.19 fixes the following issues: - Update to go v1.19.12 released 2023-08-01 bsc1200441 - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. bsc1213880...
SUSE-SU-2023:3181-1 Security update for go1.20
This update for go1.20 fixes the following issues: - Update to go v1.20.7 released 2023-08-01 bsc1206346 - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. bsc1213880...
Uber: Google Maps API Key Leakage
Google allows developers/vendors to restrict the usage of these keys in several different ways, as can be read here: https://developers.google.com/maps/api-key-best-practices...