Parse Server 输入验证错误漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An input validation error vulnerability exists in Parse Server prior to version 4.10.17 and version 5.x prior to version 5.2.8, which stems from a crash upon receiving a file download request...

CVE-2022-39313

Parse Server is affected by a Denial of Service when handling a file download request with an invalid byte range. The issue occurs in versions prior to 4.10.17 and, on the 5.x branch, prior to 5.2.8, where such requests crash the server. Patches are available in v4.10.17 and v5.2.8. No workaround...

CVE-2022-39313 Parse Server crashes when receiving file download request with invalid byte range

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been...

CVE-2022-39313 Parse Server crashes when receiving file download request with invalid byte range

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been...

Amazon Linux 2 : golang-github-godbus-dbus (ALAS-2022-1858)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1858 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

Amazon Linux 2 : golang-github-kr-pty (ALAS-2022-1864)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1864 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

Amazon Linux 2 : golang-github-gorilla-mux (ALAS-2022-1860)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1860 advisory. 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid...

UBUNTU-CVE-2022-43037

An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4File::ParseStream in /Core/Ap4File.cpp...

Bento4 安全漏洞

Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4 v1.6.0-639, which originates from a memory leak in function AP4File::ParseStream in /Core/Ap4File.cpp...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64 to version 6.0.3 or higher. References - Dotnet Announcement - Dotne...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64 to version 6.0.3 or higher. References - Dotnet Announcement -...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.arm64 to version 6.0.3 or higher. References - Dotnet Announcement - Dotne...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm to version 6.0.3 or higher. References - Dotnet Announcement -...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 6.0.3 or higher. References - Dotnet Announcement - Dotnet Issue - Microsof...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.linux-arm64 to version 6.0.3 or higher. References - Dotnet Announcement - Dotnet Issue -...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64 to version 6.0.3 or higher. References - Dotnet Announcement - Dotnet...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64 to version 6.0.3 or higher. References - Dotnet Announcement - Dotnet...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.win-x64 to version 6.0.3 or higher. References - Dotnet Announcement - Dotnet Issue -...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64 to version 6.0.3 or higher. References - Dotnet Announcement -...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64 to version 6.0.3 or higher. References - Dotnet...