python: urllib.parse does not sanitize URLs containing ASCII newline and tabs

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

PT-2022-14610 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions affected versions not specified Description: The issue is related to a function called nla parse, which fails to check the length of a parameter, allowing userspace to control nla type. This can lead to out-of-bounds OOB acce...

PT-2022-7370 · Unknown +7 · Frrouting Frr +7

Name of the Vulnerable Software and Affected Versions: FRRouting FRR versions prior to 8.4 Description: The issue is related to an out-of-bounds read in the BGP daemon of FRRouting FRR. This can lead to a segmentation fault and denial of service. The problem occurs in the bgp capability msg parse...

OESA-2022-1904 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Protobuf-c v1.4.0 was discovered to contain an invalid...

Information Disclosure

parse-server is vulnerable to information disclosure. An unauthorized attacker is able to gain access to sensitive user information because of lack of validation in the search pattern...

CVE-2022-36079

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

Code injection

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

CVE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

CVE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

CVE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

CVE-2022-36079

CVE-2022-36079 affects Parse Server. Internal/protected fields (prefixed with '_') can be used as query constraints, and before fixes users could enumerate these fields to elicit a response object. This vulnerability existed prior to patches in versions 4.10.14 and 5.2.5, which require the master...

CVE-2022-40023

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...

PT-2022-23167 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.14 Parse Server versions prior to 5.2.5 Description: Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. These fields are...

Parse Server 信息泄露漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An information disclosure vulnerability exists in Parse Server versions prior to 4.10.14 and prior to 5.2.5, which stems from the use of query constraints that can be enumerated to guess these...

WithSecure fsicapd 安全漏洞

WithSecure products is a series of security software from the Finnish company WithSecure. A security vulnerability exists in WithSecure fsicapd, which stems from the presence of a denial of service DoS that could crash while parsing a scan request...

Input validation

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow...

PT-2022-7436 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a refcount leak bug in the of xudma dev get function within the dmaengine component of the Linux kernel. This bug can be exploited to cause a denial of service...

CVE-2022-38749 DoS in SnakeYAML

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow...

CVE-2022-36647

PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parsesequenceheader at source/common/header.cc:269...

UBUNTU-CVE-2022-36647

PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parsesequenceheader at source/common/header.cc:269...