PT-2023-14682 · Json.H · Json.H

Name of the Vulnerable Software and Affected Versions: sheredom json.h versions prior to commit 0825301a07cbf51653882bf2b153cc81fdadf41 Description: The issue is related to a buffer overflow vulnerability in the json parse number function. This vulnerability allows attackers to execute arbitrary...

Parse Server 安全漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.4.1, which stems from a vulnerability that allows bypassing the Parse Server masterKeyIps security mechanism by setting the...

IP Spoofing

parse-server is vulnerable to IP Spoofing Attack Via HTTP Request Header. The vulnerability exists due to the incorrect implementation of the client IP address in the parse server option masterKeyIps of the library, which sets the allowed IP address to the the x-forwarded-for header value, allowi...

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2023-22474 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2023-22474 Source advisory: OSV:GHSA-VM5R-C87R-PF6X...

GHSA-VM5R-C87R-PF6X Parse Server option `masterKeyIps` vulnerability to IP spoofing

Impact Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server will trust the value of the header. The incorrect client IP address will be used by various feature...

Parse Server option `masterKeyIps` vulnerability to IP spoofing

Impact Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server will trust the value of the header. The incorrect client IP address will be used by various feature...

PT-2023-18526 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.4.1 Description: The issue arises from Parse Server's use of the request header x-forwarded-for to determine the client IP address. If Parse Server is not running behind a proxy server, a client can set this...

The vulnerability of the httpd parse_ping_result API of the microprogramming software for InHand Networks’ InRouter302 routers arises from copying buffers without checking the size of the input data. This allows attackers to execute arbitrary code.

The vulnerability of the httpd parsepingresult API of the microprogramming software for InHand Networks InRouter302 lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created...

golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

Regular Expression Denial Of Service (ReDoS)

cookiejar is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists in the parse function of cookiejar.js due to inefficient regular expression complexity which allows an attacker to crash the application by submitting a malicious string...

Out-of-bounds

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the validateprotocol function. We believe this bug is harmless in practice, because the out-of-bounds...

libxml2: integer overflows with XML_PARSE_HUGE

A flaw was found in libxml2. Parsing a XML document with the XMLPARSEHUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...

RHEL 7 : Red Hat OpenShift Service Mesh 1.0.10 Jaeger and Kiali (RHSA-2020:0972)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0972 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

ALPINE-CVE-2023-24056

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconftupleparse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes...

DEBIAN-CVE-2023-24056

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconftupleparse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes...

PT-2023-2539 · Pkgconf +2 · Pkgconf +2

Name of the Vulnerable Software and Affected Versions: pkgconf versions 1.9.3 and earlier Description: The issue is related to the pkgconf tuple parse function in libpkgconf/tuple.c, which can cause an unbounded string expansion due to incorrect checks. This can lead to a denial of service when a...

DEBIAN-CVE-2023-23143

Buffer overflow vulnerability in function avcparseslice in file mediatools/avparsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master...

PT-2023-18855 · Gpac · Gpac

Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev1-g4669ba229-master Description: A buffer overflow issue exists in the avc parse slice function located in the media tools/av parsers.c file. This issue can be exploited, but details about the estimated number of...

GPAC 安全漏洞

GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version 2.3-DEV-rev1-g4669ba229-master, which stems from the discovery of a contained buffer overflow vulnerability via the avcparseslice function in mediatools/avparsers.c...

DEBIAN-CVE-2022-25901

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function, which uses an insecure regular expression...