6865 matches found

OSV
added 2024/07/09 7:15 p.m., 3 views

AZL-43315 CVE-2024-39684 affecting package ceph for versions less than 16.2.10-5

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...

7.8 CVSS, 7.1 AI score, 0.00137 EPSS
Exploits: 0, References: 1
OSV
added 2024/07/09 7:15 p.m., 1 view

UBUNTU-CVE-2024-39684

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...

7.8 CVSS, 5.8 AI score, 0.00137 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2024/07/09 9:23 a.m., 1 view

kernel: smb: client: fix potential OOBs in smb2_parse_contexts()

A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2_parse_contexts() function. Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts()...

8 CVSS, 6.8 AI score, 0.00094 EPSS
Exploits: 0, References: 7
Snyk
added 2024/07/09 12:0 a.m., 3 views

Integer Overflow to Buffer Overflow

Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h file. An attacker can elevate privileges by sending a crafted file that triggers the overflow when parsed. Remediation There is...

7.8 CVSS, 7.1 AI score, 0.00137 EPSS
Exploits: 0, References: 2
OSV
added 2024/07/03 7:30 a.m., 18 views

BIT-PARSE-2024-39309 ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

9.8 CVSS, 9.7 AI score, 0.03791 EPSS
Exploits: 0, References: 6
BDU FSTEC
added 2024/07/03 12:0 a.m., 1 view

The vulnerability of the ParseAddressList function in the net/mail package in the Go programming language, which allows attackers to perform spoofing attacks.

The vulnerability of the ParseAddressList function in the net/mail package in the Go programming language is related to insufficient checking of the names displayed by this function. Exploitation of this vulnerability could allow a malicious actor to perform spear-phishing attacks by sending...

7.5 CVSS, 6.6 AI score, 0.02017 EPSS
Exploits: 0, References: 9, Affected Software: 5
Zero Day Initiative
added 2024/07/03 12:0 a.m., 3 views

Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the literalizeRegexPart function. The issue results from the lack of proper validation of a...

9.8 CVSS, 7.3 AI score, 0.03791 EPSS
Exploits: 0, References: 1
Veracode
added 2024/07/02 7:10 a.m., 11 views

Prototype Pollution

adolphdudu/ratio-swiper is vulnerable to Prototype Pollution. The vulnerability is due to passing crafted arguments with the __proto__ property using functions like extendDefaults and parse. The vulnerability allows attackers to alter the behavior of all objects inheriting from the affected...

6.5 CVSS, 6.8 AI score, 0.0015 EPSS
Exploits: 1, References: 2, Affected Software: 1
Veracode
added 2024/07/02 6:53 a.m., 6 views

SQL Injection

parse-server is vulnerable to SQL Injection. The vulnerability is due to improper handling of user-supplied input when configured with the PostgreSQL database, allowing malicious SQL queries to be executed...

9.8 CVSS, 7.2 AI score, 0.03791 EPSS
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2024/07/01 10:15 p.m., 12 views

CVE-2024-39309

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

9.8 CVSS, 0.03791 EPSS
Exploits: 0, References: 5
Cvelist
added 2024/07/01 9:15 p.m., 53 views

CVE-2024-39309 ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

9.8 CVSS, 0.03791 EPSS
Exploits: 0, References: 5
OSV
added 2024/07/01 9:15 p.m., 10 views

CVE-2024-39309 ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

9.8 CVSS, 7.5 AI score, 0.03791 EPSS
Exploits: 0, References: 7
Vulnrichment
added 2024/07/01 9:15 p.m., 26 views

CVE-2024-39309 ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

9.8 CVSS, 7.6 AI score, 0.03791 EPSS
Exploits: 0, References: 5
CVE
added 2024/07/01 9:15 p.m., 79 views

CVE-2024-39309

Parse Server (Node.js) prior to versions 6.5.7 and 7.1.0 is vulnerable to SQL injection when configured with PostgreSQL. The issue stems from how user input is handled in the PostgreSQL path, and the detection algorithm was improved in 6.5.7 and 7.1.0. Remediation is to upgrade to the fixed relea...

9.8 CVSS, 9.7 AI score, 0.03791 EPSS
Exploits: 0, References: 5
GitHub Security Blog
added 2024/07/01 6:35 p.m., 20 views

ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r -...

9.8 CVSS, 7.8 AI score, 0.03791 EPSS
Exploits: 0, References: 7, Affected Software: 1
vulnersOsv
added 2024/07/01 6:35 p.m., 4 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +25 more potentially affected by CVE-2024-39309 via parse-server (>=2.0.8 <=6.5.11)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2024-39309 Source advisory: OSV:GHSA-C2HR-CQG6-8J6R...

9.8 CVSS, 7.2 AI score, 0.03791 EPSS
Exploits: 0
OSV
added 2024/07/01 6:35 p.m., 7 views

GHSA-C2HR-CQG6-8J6R ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r -...

9.8 CVSS, 9.8 AI score, 0.03791 EPSS
Exploits: 0, References: 7
OSV
added 2024/07/01 1:15 p.m., 1 view

CVE-2024-39853

adolphdudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

6.5 CVSS, 6.1 AI score, 0.0015 EPSS
Exploits: 1, References: 1
OSV
added 2024/07/01 1:15 p.m., 2 views

CVE-2024-39000

adolphdudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

6.5 CVSS, 6.1 AI score, 0.00377 EPSS
Exploits: 0, References: 1
Snyk
added 2024/07/01 3:2 a.m., 1 view

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the parseFromZipFile function, which will copy the file in zip to a temporary directory without verifying the file path, and the file can be written to an arbitrary path. Details ...

9.1 CVSS, 7.9 AI score, 0.29079 EPSS
Exploits: 2, References: 2