
6856 matches found

RedHat Linux
added 2023/06/09 8:7 a.m. · 3 views

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity...

CVSS 7.5 · AI score 6.8 · EPSS 0.01445
Exploits: 3 · References: 5

RedHat Linux
added 2023/06/09 8:6 a.m. · 4 views

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity...

CVSS 7.5 · AI score 6.8 · EPSS 0.01445
Exploits: 3 · References: 5

Positive Technologies
added 2023/06/09 12:0 a.m. · 2 views

PT-2023-35866 · Git +1 · Freerdp

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow WRITE crash was reported, with the crash state involving TestFuzzCommonAssistanceParseFileBuffer.c. No information is available...

AI score 7
Exploits: 0 · References: 2

RedHat Linux
added 2023/06/08 11:57 a.m. · 1 view

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity...

CVSS 7.5 · AI score 6.8 · EPSS 0.01445
Exploits: 3 · References: 5

Snyk
added 2023/06/07 3:19 p.m. · 1 view

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the yajltreeparse function. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other vulnerabilities, DoS attacks...

CVSS 7.5 · AI score 7.1 · EPSS 0.00204
Exploits: 1 · References: 2

OSV
added 2023/06/07 1:15 p.m. · 3 views

CVE-2021-4380

The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wppinterestautomaticparserequest' function and the 'processform.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to...

CVSS 9.8 · AI score 5.7 · EPSS 0.87002
Exploits: 1 · References: 4

OSV
added 2023/06/06 12:15 p.m. · 1 view

DEBIAN-CVE-2023-33460

There's a memory leak in yajl 2.1.0 with use of yajltreeparse function, which will cause out-of-memory in server and cause crash...

CVSS 6.5 · AI score 6.1 · EPSS 0.00204
Exploits: 1 · References: 1

OSV
added 2023/06/06 12:15 p.m. · 1 view

AZL-35363 CVE-2023-33460 affecting package yajl for versions less than 2.1.0-19

There's a memory leak in yajl 2.1.0 with use of yajltreeparse function, which will cause out-of-memory in server and cause crash...

CVSS 6.5 · AI score 6.2 · EPSS 0.00204
Exploits: 1 · References: 1

ATTACKERKB
added 2023/06/06 12:15 p.m. · 1 view

CVE-2023-33460

There's a memory leak in yajl 2.1.0 with use of yajltreeparse function, which will cause out-of-memory in server and cause crash...

CVSS 6.5 · AI score 5.8 · EPSS 0.00204
Exploits: 1 · References: 11

OSV
added 2023/06/06 12:15 p.m. · 1 view

ALPINE-CVE-2023-33460

There's a memory leak in yajl 2.1.0 with use of yajltreeparse function, which will cause out-of-memory in server and cause crash...

CVSS 6.5 · AI score 6.9 · EPSS 0.00204
Exploits: 1 · References: 1

OSV
added 2023/06/06 12:15 p.m. · 1 view

UBUNTU-CVE-2023-33460

There's a memory leak in yajl 2.1.0 with use of yajltreeparse function, which will cause out-of-memory in server and cause crash...

CVSS 6.5 · AI score 6.2 · EPSS 0.00204
Exploits: 1 · References: 4

Vulnrichment
added 2023/06/06 12:0 a.m. · 4 views

CVE-2023-33457

In Sogou Workflow v0.10.6, memcpy a negative size in URIParser::parse, may cause buffer-overflow and crash...

AI score 8.7 · EPSS 0.00433
Exploits: 1 · References: 1

CVE
added 2023/06/06 12:0 a.m. · 36 views

CVE-2023-33457

In Sogou Workflow v0.10.6, CVE-2023-33457 arises from memcpy being called with a negative size in URIParser::parse, leading to a buffer overflow and crash. Affected product: Sogou Workflow (v0.10.6). Impact is high (CVE CVSS 3.1: 8.8) with potential for memory corruption due to improper size hand...

CVSS 8.8 · AI score 8.6 · EPSS 0.00433
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2023/06/06 12:0 a.m. · 1 view

YAJL Security Vulnerability

YAJL is a fast streaming JSON parsing library from the individual developer Lloyd Hilaiel. A security vulnerability exists in YAJL version 2.1.0, which stems from a memory leak using the yajltreeparse function...

CVSS 6.5 · AI score 6.2 · EPSS 0.00204
Exploits: 1 · References: 12

Cvelist
added 2023/06/06 12:0 a.m. · 10 views

CVE-2023-33457

In Sogou Workflow v0.10.6, memcpy a negative size in URIParser::parse, may cause buffer-overflow and crash...

AI score 8.8 · EPSS 0.00433
Exploits: 1 · References: 1

RedHat Linux
added 2023/06/05 4:47 p.m. · 2 views

golang: go/parser: Infinite loop in parsing

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...

CVSS 7.5 · AI score 6.8 · EPSS 0.00016
Exploits: 0 · References: 6

Veracode
added 2023/06/02 6:53 a.m. · 16 views

Phishing Attack

parse-server is vulnerable to Phishing Attacks. A malicious user is able to upload an HTML file to the system via its public API, which is available at the internet domain where Parse Server is hosted, allowing the URL of the uploaded HTML files to be used for phishing attacks...

CVSS 6.5 · AI score 6.9 · EPSS 0.0039
Exploits: 0 · References: 5 · Affected Software: 1

wpexploit
added 2023/06/02 12:0 a.m. · 161 views

Multiple plugins by vcita - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and the email field in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts in the plugin settings page, which could target high privilege users such as administrators...

CVSS 6.4 · AI score 6.8 · EPSS 0.00326
Exploits: 2 · References: 3

vulnersOsv
added 2023/05/31 11:39 p.m. · 1 view

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2023-32689 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2023-32689 Source advisory: OSV:GHSA-9PRM-JQWX-45X9...

CVSS 6.5 · AI score 6.5 · EPSS 0.0039
Exploits: 0

OSV
added 2023/05/31 11:39 p.m. · 26 views

GHSA-9PRM-JQWX-45X9 Phishing attack vulnerability by uploading malicious HTML file

Impact: Phishing attack vulnerability by uploading malicious files. A malicious user could upload an HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the uploaded HTML could be shared for...

CVSS 6.3 · AI score 6.1 · EPSS 0.0039
Exploits: 0 · References: 5