
6860 matches found

CNNVD
added 2024/03/01 12:0 a.m. · 3 views

parse-server security vulnerability

parse-server is an open source Backend-as-a-Service (BaaS) framework that is primarily used for application backend processing. A security vulnerability exists in parse-server versions prior to 6.5.0 and prior to 7.0.0 that stems from the presence of a SQL injection vulnerability...

CVSS 10 · AI score 7.8 · EPSS 0.00313
Exploits 0 · References 6
Positive Technologies
added 2024/03/01 12:0 a.m. · 2 views

PT-2024-21803

Name of the Vulnerable Software and Affected Versions: parse-server versions prior to 6.5.0; parse-server versions prior to 7.0.0-alpha.20. Description: This issue allows SQL injection when parse-server is configured to use the PostgreSQL database. A remote attacker could send specially-crafted SQL...

CVSS 10 · AI score 9 · EPSS 0.00313
Exploits 0 · References 17
OSV
added 2024/02/29 1:44 a.m. · 1 views

UBUNTU-CVE-2024-24149

A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file...

CVSS 6.5 · AI score 5.8 · EPSS 0.0016
Exploits 1 · References 3
OSV
added 2024/02/29 1:44 a.m. · 2 views

UBUNTU-CVE-2024-24150

A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file...

CVSS 6.5 · AI score 5.8 · EPSS 0.00175
Exploits 1 · References 3
BDU FSTEC
added 2024/02/29 12:0 a.m. · 2 views

The vulnerability of the kv_parse_power_table function in the PM Driver component of the Linux operating system allows a hacker to execute arbitrary code.

The vulnerability of the kv_parse_power_table function in the PM Driver component of the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.8 · AI score 6.7 · EPSS 0.00013
Exploits 0 · References 50 · Affected Software 5
SUSE CVE
added 2024/02/28 3:42 a.m. · 1 views

SUSE CVE-2023-52469

In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table. When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the following call...

CVSS 5.3 · AI score 6.1 · EPSS 0.00013
Exploits 0 · References 20
Positive Technologies
added 2024/02/28 12:0 a.m. · 2 views

PT-2024-20295 · Libming · Libming

Name of the Vulnerable Software and Affected Versions: libming version 0.4.8 Description: A memory leak issue was discovered in the parseSWF_FILLSTYLEARRAY function, allowing attackers to cause a denial of service via a crafted SWF file. Recommendations: For libming version 0.4.8, consider updati...

CVSS 6.5 · AI score 6.9 · EPSS 0.00174
Exploits 1 · References 8
BDU FSTEC
added 2024/02/27 12:0 a.m. · 1 views

The vulnerability of the Spreadsheet::ParseXLSX library for the Perl programming language arises from incorrect restrictions on XML references to external objects. This allows attackers to perform XXE attacks.

The vulnerability of the Spreadsheet::ParseXLSX library for the Perl programming language relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks using a specially created XLSX file...

CVSS 7.8 · AI score 6.5 · EPSS 0.00301
Exploits 1 · References 9 · Affected Software 2
OSV
added 2024/02/26 4:27 p.m. · 1 views

UBUNTU-CVE-2023-52469

In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table. When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the following call...

CVSS 7.8 · AI score 6.1 · EPSS 0.00013
Exploits 0 · References 21
CNNVD
added 2024/02/26 12:0 a.m. · 2 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse vulnerability in kv_parse_power_table...

CVSS 7.8 · AI score 6.1 · EPSS 0.00013
Exploits 0 · References 9
OSV
added 2024/02/20 6:15 p.m. · 0 views

UBUNTU-CVE-2023-52434

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts. Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts. This fixes following oops when accessing invalid create contexts from server: BUG: unabl...

CVSS 8 · AI score 6.1 · EPSS 0.00094
Exploits 0 · References 25
Snyk
added 2024/02/20 12:2 p.m. · 3 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free in the parse_meta_element_create function. An attacker can execute arbitrary code or cause a denial of service condition by causing the vulnerable application to process a malicious DICOM image. Remediation: A fix was pushed...

CVSS 9.8 · AI score 7.7 · EPSS 0.00452
Exploits 1 · References 2
Snyk
added 2024/02/20 12:2 p.m. · 3 views

Double Free

Overview: Affected versions of this package are vulnerable to Double Free in the parse_meta_sequence_end function. An attacker can execute arbitrary code or cause a denial of service by causing the vulnerable application to process a malicious DICOM image. Remediation: A fix was pushed into the master...

CVSS 9.8 · AI score 7.7 · EPSS 0.00452
Exploits 1 · References 2
Veracode
added 2024/02/20 6:51 a.m. · 16 views

Regular Expression Denial Of Service (ReDoS)

urlite is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regex with inefficient complexity within lib/pattern.js which is utilized by the parse function. An attacker can submit a crafted payload to the parse function which leads to Regular Expression Denial o...

CVSS 7.5 · AI score 6.7 · EPSS 0.00069
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2024/02/20 12:0 a.m. · 4 views

PT-2024-20563 · Libdicom · Libdicom

Name of the Vulnerable Software and Affected Versions: libdicom version 1.0.5 Description: A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom. This issue can be triggered by a specially crafted DICOM file, causing premature freeing o...

CVSS 9.8 · AI score 9.4 · EPSS 0.00452
Exploits 1 · References 7
CNNVD
added 2024/02/20 12:0 a.m. · 2 views

Imaging Data Commons libdicom Resource Management Error Vulnerability

Imaging Data Commons libdicom is the Imaging Data Commons C library for reading DICOM files. A resource management error vulnerability exists in Imaging Data Commons libdicom version 1.0.5, which stems from a post-release reuse vulnerability in the parsing of DICOM elements...

CVSS 9.8 · AI score 6.9 · EPSS 0.00452
Exploits 1 · References 2
BDU FSTEC
added 2024/02/16 12:0 a.m. · 1 views

The vulnerabilities of the functions PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass() in the OpenSSL library allow an attacker to cause a service failure.

The vulnerabilities of the functions PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass() in the OpenSSL library are related to pointer arithmetic errors. Exploiting these vulnerabilities could allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.5 · EPSS 0.00208
Exploits 0 · References 23 · Affected Software 8
Positive Technologies
added 2024/02/16 12:0 a.m. · 2 views

PT-2024-40577 · Boost · Boost

Name of the Vulnerable Software and Affected Versions: boost affected versions not specified Description: The issue is related to a stack-overflow crash. Technical details about the crash include the involvement of specific function names such as parse subgraph, parse endpoint rest, and parse stm...

AI score 6.8
Exploits 0 · References 2
RedHat Linux
added 2024/02/12 5:37 p.m. · 3 views

json-path: stack-based buffer overflow in Criteria.parse method

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

CVSS 5.3 · AI score 7.3 · EPSS 0.00116
Exploits 1 · References 5
RedHat Linux
added 2024/02/12 4:2 p.m. · 1 views

json-path: stack-based buffer overflow in Criteria.parse method

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

CVSS 5.3 · AI score 7.3 · EPSS 0.00116
Exploits 1 · References 5