6856 matches found
DEBIAN-CVE-2023-25584
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils...
CVE-2023-25584
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils...
CVE-2023-25584 Out of bounds read in parse_module function in bfd/vms-alpha.c
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils...
Input validation
NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914...
[SECURITY] Fedora 37 Update: libeconf-0.5.2-1.fc37
libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it...
PT-2023-36008 · Git +1 · Libavc
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a null-dereference read crash. Technical details about the crash include the functions isvcd parse inter slice data cavlc enh lyr...
Denial Of Service (DoS)
tcpreplay is vulnerable to Denial of Service (DoS). The vulnerability exists in the parse endpoint function of the library, which allows an attacker to cause an application by providing a maliciously crafted input...
GHSA-RR66-QH5M-W6MX hutool Buffer Overflow vulnerability
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse...
PT-2023-36002 · Git +1 · Kamailio
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves functions such as parse priv value and parse privacy, which are located in...
CVE-2023-42278
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse...
PT-2023-28307 · Hutool · Hutool
Name of the Vulnerable Software and Affected Versions: hutool version 5.8.21 Description: The issue is related to a buffer overflow in the JSONUtil.parse component. Recommendations: For hutool version 5.8.21, consider disabling the JSONUtil.parse function until a patch is available. Restrict the...
Incorrect Control Flow Implementation
Parse Server is vulnerable to an Incorrect Control Flow Implementation vulnerability. The vulnerability is caused by not invoking the beforeFind trigger when executing the Parse.Query method in certain conditions. This can lead to access control issues when beforeFind is used as a security layer to modi...
CVE-2023-41058
Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...
Information disclosure
Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2023-41058 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2023-41058 Source advisory: OSV:GHSA-FCV6-FG5R-JM9Q...
GHSA-FCV6-FG5R-JM9Q Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer
Impact A Parse Pointer can be used to access internal Parse Server classes. It can also be used to circumvent the beforeFind query trigger which can be an additional vulnerability for deployments where the beforeFind trigger is used as a security layer to modify an incoming query. Patches The...
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer
Impact A Parse Pointer can be used to access internal Parse Server classes. It can also be used to circumvent the beforeFind query trigger which can be an additional vulnerability for deployments where the beforeFind trigger is used as a security layer to modify an incoming query. Patches The...
CVE-2023-41058 Trigger `beforeFind` not invoked in internal query pipeline in parse-server
Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...