Parse Server literalizeRegexPart SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the literalizeRegexPart function. The issue results from the lack of proper...
UBUNTU-CVE-2024-40991
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id The of_k3_udma_glue_parse_chn_by_id helper function erroneously invokes "of_node_put" on the "udmax_np" device-node passed to it, without having incremented its reference count at a...
UBUNTU-CVE-2024-40971
In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead t...
tracing/probes: fix error check in parse_btf_field()
...
PT-2024-29196 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the of_k3_udma_glue_parse_chn_by_id helper function in the Linux kernel, which erroneously invokes of_node_put on the udmax_np device-node without having...
PT-2024-40805 · Git +1 · Gpac
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash involves the functions gf_hevc_parse_nalu_bs, gf_inspect_dump_nalu_internal, and inspect...
PYSEC-2024-86
Wagtail is an open source content management system built on Django. A bug in Wagtail's parse_query_string would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parse_query_string would take an unexpectedl...
GHSA-JMP3-39VP-FWG8 Wagtail regular expression denial-of-service via search query parsing
Impact: A bug in Wagtail's parse_query_string would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parse_query_string would take an unexpectedly large amount of time to process, resulting in a denial of...
SUSE-SU-2024:2407-1 Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5)
This update for the Linux Kernel 5.15.21-1505001355 fixes several issues. The following security issues were fixed: - CVE-2024-26923: Fixed false-positive lockdep splat for spinlock in unix_gc bsc1223683. - CVE-2024-26828: Fixed underflow in parse_server_interfaces bsc1223363...
SUSE CVE-2024-38517
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...
PT-2024-28441 · Wagtail · Wagtail
Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 5.2.6 Wagtail versions prior to 6.0.6 Wagtail versions prior to 6.1.3 Description: A bug in Wagtail's parse_query_string function would result in it taking a long time to process suitably crafted inputs, leading to a...
Torchbox Wagtail Security Breach
Torchbox Wagtail is an open source content management system (CMS) from Torchbox UK. A security vulnerability exists in Torchbox Wagtail versions 5.2.6, 6.0 through 6.0.5, and 6.1 through 6.1.2, which stems from an error in parse_query_string that causes it to take a long time to process appropriatel...
PT-2024-6122 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: InPost for WooCommerce plugin versions 1.4.0 and earlier InPost PL plugin for WordPress versions 1.4.4 and earlier Description: The issue is related to a missing capability check on the parse request function, allowing unauthorized access and...
AZL-43300 CVE-2024-38517 affecting package rapidjson for versions less than 1.1.0-8
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...
AZL-45423 CVE-2024-39684 affecting package opencc 1.1.1-3
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...
AZL-43297 CVE-2024-39684 affecting package rapidjson for versions less than 1.1.0-8
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...
AZL-43245 CVE-2024-38517 affecting package rapidjson for versions less than 1.1.0-8
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...
DEBIAN-CVE-2024-38517
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...
AZL-45330 CVE-2024-38517 affecting package opencc 1.1.1-3
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...
AZL-43618 CVE-2024-39684 affecting package opencc 1.1.1-3
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...