6861 matches found

VulnCheck KEV
added 2024/03/21 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2022-0185

Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges...

CVSS 8.4 · AI score 7.2 · EPSS 0.01944
Exploits 11 · References 1

vulnersOsv
added 2024/03/19 8:7 p.m. · 2 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +25 more potentially affected by CVE-2024-29027 via parse-server (>=2.0.8 <=6.5.11)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2024-29027 Source advisory: OSV:GHSA-6HH7-46R2-VF29...

CVSS 9 · AI score 7.2 · EPSS 0.01895
Exploits 0

Github Security Blog
added 2024/03/19 8:7 p.m. · 22 views

Server crashes on invalid Cloud Function or Cloud Job name

Impact: Calling an invalid Parse Server Cloud Function name or Cloud Job name crashes server and may allow for code injection. Patches: Added string sanitation for Cloud Function name and Cloud Job name. Workarounds: Sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server...

CVSS 9 · AI score 7.4 · EPSS 0.01895
Exploits 0 · References 7 · Affected Software 1

OSV
added 2024/03/19 8:7 p.m. · 14 views

GHSA-6HH7-46R2-VF29 Server crashes on invalid Cloud Function or Cloud Job name

Impact: Calling an invalid Parse Server Cloud Function name or Cloud Job name crashes server and may allow for code injection. Patches: Added string sanitation for Cloud Function name and Cloud Job name. Workarounds: Sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server...

CVSS 9 · AI score 9.2 · EPSS 0.01895
Exploits 0 · References 7

NVD
added 2024/03/19 7:15 p.m. · 11 views

CVE-2024-29027

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

CVSS 9 · AI score 9.4 · EPSS 0.01895
Exploits 0 · References 5

Vulnrichment
added 2024/03/19 6:57 p.m. · 8 views

CVE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

CVSS 9 · AI score 7.5 · EPSS 0.01895
Exploits 0 · References 5

CVE
added 2024/03/19 6:57 p.m. · 67 views

CVE-2024-29027

Parse Server vulnerability CVE-2024-29027 affects versions prior to 6.5.5 and 7.0.0-alpha.29, where calling an invalid Cloud Function name or Cloud Job name can crash the server and may allow code injection, internal store manipulation, or remote code execution. The fix was implemented in 6.5.5 a...

CVSS 9 · AI score 9.3 · EPSS 0.01895
Exploits 0 · References 5 · Affected Software 1

Cvelist
added 2024/03/19 6:57 p.m. · 14 views

CVE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

CVSS 9 · AI score 9.6 · EPSS 0.01895
Exploits 0 · References 5

OSV
added 2024/03/19 6:57 p.m. · 13 views

CVE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

CVSS 9 · AI score 9 · EPSS 0.01895
Exploits 0 · References 7

CNNVD
added 2024/03/19 12:0 a.m. · 3 views

Parse Server Injection Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An injection vulnerability exists in Parse Server before 6.5.5, 7.0.0-alpha.29, which stems from the fact that a call to an invalid Parse Server Cloud Function name or Cloud Job name can cause...

CVSS 9 · AI score 7.2 · EPSS 0.01895
Exploits 0 · References 2

Positive Technologies
added 2024/03/19 12:0 a.m. · 4 views

PT-2024-22680 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 6.5.5 and 7.0.0-alpha.29. Description: The issue arises when an invalid Parse Server Cloud Function name or Cloud Job name is called, potentially leading to code injection, internal store manipulation, or remote...

CVSS 9 · AI score 8 · EPSS 0.01895
Exploits 0 · References 14

OSV
added 2024/03/18 11:15 a.m. · 3 views

DEBIAN-CVE-2024-26633

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim(). syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access...

CVSS 5.5 · AI score 5.5 · EPSS 0.0005
Exploits 0 · References 1

Microsoft CVE
added 2024/03/16 7:0 a.m. · 1 views

smb: client: fix potential OOBs in smb2_parse_contexts()

...

CVSS 8 · AI score 7.3 · EPSS 0.00094
Exploits 0

OSV
added 2024/03/11 6:15 p.m. · 0 views

UBUNTU-CVE-2023-52493

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers. Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parse_xfer_event such that a callback given to client can potentially queu...

CVSS 5.5 · AI score 6 · EPSS 0.0001
Exploits 0 · References 22

OSV
added 2024/03/08 11:7 a.m. · 2 views

OESA-2024-1252 json-path security update

Java DSL for reading and testing JSON documents. Security Fixes: json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse method. (CVE-2023-51074)...

CVSS 5.3 · AI score 8 · EPSS 0.00116
Exploits 1 · References 2

OpenVAS
added 2024/03/08 12:0 a.m. · 15 views

Fedora: Security Advisory for golang-github-tdewolff-parse (FEDORA-2024-c3e32c5635)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.7 · EPSS 0.0015
Exploits 0 · References 2

OpenVAS
added 2024/03/08 12:0 a.m. · 20 views

Fedora: Security Advisory for golang-github-tdewolff-parse (FEDORA-2024-0d4d9925a2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 8 · EPSS 0.0015
Exploits 0 · References 2

Fedora
added 2024/03/07 10:33 p.m. · 16 views

[SECURITY] Fedora 40 Update: jakarta-json-2.1.3-4.fc40

Jakarta JSON Processing provides portable APIs to parse, generate, transform, and query JSON documents...

CVSS 8.8 · AI score 6.8 · EPSS 0.45835
Exploits 3

Fedora
added 2024/03/07 1:50 a.m. · 20 views

[SECURITY] Fedora 38 Update: golang-github-tdewolff-parse-2.7.12-1.fc38

Go parsers for web formats...

CVSS 7.5 · AI score 8.2 · EPSS 0.0015
Exploits 0

RedHat Linux
added 2024/03/06 12:44 p.m. · 0 views

kernel: memory leak in drivers/hid/hid-elo.c

A memory leak flaw was found in elo_probe in drivers/hid/hid-elo.c in the Human Interface Devices (HID) in the Linux kernel. This issue allows an attacker to cause a denial of service when hid_parse in elo_probe fails...

CVSS 5.5 · AI score 7.2 · EPSS 0.00069
Exploits 0 · References 7