
6717 matches found

Snyk
added 2022/10/18 9:46 p.m. · 1 view

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) where a stack buffer overrun occurs in .NET Double Parse routine. Remediation: Upgrade Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x64 to version 6.0.3 or higher. References: Dotnet Announcement, Dotnet Iss...

8.8 CVSS · 7.5 AI score · 0.00159 EPSS
Exploits 0 · References 2
Snyk
added 2022/10/18 9:46 p.m. · 4 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) where a stack buffer overrun occurs in .NET Double Parse routine. Remediation: Upgrade Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86 to version 6.0.3 or higher. References: Dotnet Announcement ...

8.8 CVSS · 7.6 AI score · 0.00159 EPSS
Exploits 0 · References 2
Snyk
added 2022/10/18 9:46 p.m. · 4 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) where a stack buffer overrun occurs in .NET Double Parse routine. Remediation: Upgrade Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64 to version 6.0.3 or higher. References: Dotnet Announcement, Dotnet...

8.8 CVSS · 7.6 AI score · 0.00159 EPSS
Exploits 0 · References 2
OSV
added 2022/10/18 4:8 p.m. · 16 views

GHSA-H423-W6QV-2WJ3 parse-server crashes when receiving file download request with invalid byte range

Impact: Parse Server crashes when a file download request is received with an invalid byte range. Patches: Improved parsing of the range parameter to properly handle invalid range requests. Workarounds: None. References: GHSA-h423-w6qv-2wj3...

7.5 CVSS · 7.4 AI score · 0.00334 EPSS
Exploits 0 · References 6
vulnersOsv
added 2022/10/18 4:8 p.m. · 2 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-39313 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-39313 Source advisory: OSV:GHSA-H423-W6QV-2WJ3...

7.5 CVSS · 7.1 AI score · 0.00334 EPSS
Exploits 0
Github Security Blog
added 2022/10/18 4:8 p.m. · 48 views

parse-server crashes when receiving file download request with invalid byte range

Impact: Parse Server crashes when a file download request is received with an invalid byte range. Patches: Improved parsing of the range parameter to properly handle invalid range requests. Workarounds: None. References: GHSA-h423-w6qv-2wj3...

7.5 CVSS · 7.3 AI score · 0.00334 EPSS
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2022/10/18 12:0 a.m. · 2 views

PT-2022-24895 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.17; Parse Server versions prior to 5.2.8 on the 5.x branch. Description: The issue occurs when a file download request is received with an invalid byte range, causing the server to crash and resulting in a...

7.5 CVSS · 7.3 AI score · 0.00334 EPSS
Exploits 0 · References 10
CNVD
added 2022/10/18 12:0 a.m. · 20 views

OTFCC Buffer Overflow Vulnerability (CNVD-2023-11782)

OTFCC is a C library and utility open sourced by Caryll. It is used to parse and write OpenType font files. OTFCC 0.10.4 and earlier versions have a buffer overflow vulnerability that originates in /release-x64/otfccdump 0x6b84b1 with a boundary error when processing untrusted input, which can be...

6.5 CVSS · 5 AI score · 0.00427 EPSS
Exploits 1 · References 1
OSV
added 2022/10/17 9:15 a.m. · 0 views

DEBIAN-CVE-2022-3533

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The...

5.7 CVSS · 4 AI score · 0.00031 EPSS
Exploits 0 · References 1
OSV
added 2022/10/14 3:16 p.m. · 0 views

DEBIAN-CVE-2022-41715

Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consu...

7.5 CVSS · 8.6 AI score · 0.00016 EPSS
Exploits 0 · References 1
OSV
added 2022/10/14 3:15 p.m. · 5 views

AZL-33565 CVE-2022-32149 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-22

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5 CVSS · 6.7 AI score · 0.00054 EPSS
Exploits 0 · References 1
OSV
added 2022/10/14 3:15 p.m. · 2 views

AZL-43954 CVE-2022-32149 affecting package podman 4.1.1-26

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5 CVSS · 6.7 AI score · 0.00054 EPSS
Exploits 0 · References 1
OSV
added 2022/10/14 3:15 p.m. · 3 views

AZL-45162 CVE-2022-32149 affecting package containernetworking-plugins for versions less than 1.6.1-4

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5 CVSS · 6.7 AI score · 0.00054 EPSS
Exploits 0 · References 1
NVD
added 2022/10/14 3:15 p.m. · 22 views

CVE-2022-32149

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5 CVSS · 0.00054 EPSS
Exploits 0 · References 5
OSV
added 2022/10/14 3:15 p.m. · 4 views

AZL-45108 CVE-2022-32149 affecting package buildah for versions less than 1.41.4-2

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5 CVSS · 6.7 AI score · 0.00054 EPSS
Exploits 0 · References 1
OSV
added 2022/10/14 3:15 p.m. · 3 views

AZL-33608 CVE-2022-32149 affecting package libcontainers-common for versions less than 20210626-6

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5 CVSS · 6.7 AI score · 0.00054 EPSS
Exploits 0 · References 1
OSV
added 2022/10/14 3:15 p.m. · 1 view

DEBIAN-CVE-2022-32149

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5 CVSS · 6.9 AI score · 0.00054 EPSS
Exploits 0 · References 1
OSV
added 2022/10/14 3:15 p.m. · 3 views

AZL-44613 CVE-2022-32149 affecting package podman for versions less than 5.6.1-2

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5 CVSS · 6.7 AI score · 0.00054 EPSS
Exploits 0 · References 1
OSV
added 2022/10/14 3:15 p.m. · 3 views

AZL-33583 CVE-2022-32149 affecting package gh for versions less than 2.13.0-22

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5 CVSS · 6.7 AI score · 0.00054 EPSS
Exploits 0 · References 1
OSV
added 2022/10/14 3:15 p.m. · 5 views

AZL-34839 CVE-2022-32149 affecting package keda for versions less than 2.14.0-1

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5 CVSS · 6.7 AI score · 0.00054 EPSS
Exploits 0 · References 1