
6715 matches found

OSV
added 2022/06/23 5:15 p.m. · 0 views

UBUNTU-CVE-2022-33070

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors...

5.5 CVSS · 5.8 AI score · 0.00091 EPSS
Exploits 1 · References 5

CNNVD
added 2022/06/23 12:0 a.m. · 1 views

protobuf-c security vulnerability

protobuf-c is a protocol buffer implementation based on C. A denial of service vulnerability exists in Protobuf-c v1.4.0, which stems from a function parse_tag_and_wiretype in protobuf-c/protobuf-c.c that contains an invalid arithmetic shift. An attacker could exploit this vulnerability to cause a...

5.5 CVSS · 5.9 AI score · 0.00091 EPSS
Exploits 1 · References 8

Positive Technologies
added 2022/06/22 12:0 a.m. · 2 views

PT-2022-5387 · Libxml2 +12 · Libxml2 +12

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.10.3
Description: The issue is related to an integer overflow in the xmlParseNameComplex function of the libxml2 library when parsing XML documents with the XML_PARSE_HUGE parser option enabled. This can lead to an...

8.5 CVSS · 8.2 AI score · 0.04183 EPSS
Exploits 8 · References 154

Positive Technologies
added 2022/06/22 12:0 a.m. · 1 views

PT-2022-5386 · Libxml2 +12 · Libxml2 +12

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.10.3
Description: An issue was discovered in libxml2 where certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be...

8.5 CVSS · 5.9 AI score · 0.01251 EPSS
Exploits 7 · References 142

Veracode
added 2022/06/21 5:47 a.m. · 22 views

Denial Of Service (DoS)

parse-server is vulnerable to denial of service (DoS) attacks. A malicious user is able to cause denial of service conditions via certain types of invalid file requests which are not handled properly...

7.5 CVSS · 7 AI score · 0.00334 EPSS
Exploits 0 · References 6 · Affected Software 1

vulnersOsv
added 2022/06/20 10:25 p.m. · 2 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-31089 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-31089 Source advisory: OSV:GHSA-XW6G-JJVF-WWF9...

7.5 CVSS · 7.1 AI score · 0.00334 EPSS
Exploits 0

OSV
added 2022/06/20 10:25 p.m. · 15 views

GHSA-XW6G-JJVF-WWF9 Invalid file request can crash server

Impact: Certain types of invalid file requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact m...

7.5 CVSS · 7.6 AI score · 0.00334 EPSS
Exploits 0 · References 4

Veracode
added 2022/06/20 6:48 a.m. · 28 views

Authentication Bypass

parse-server is vulnerable to authentication bypass. The vulnerability exists because the certificate in auth adapter is not properly validated. An attacker is able to bypass authentication checks by making a fake certificate accessible via certain Apple domains and providing the URL to that...

8.6 CVSS · 7.1 AI score · 0.00175 EPSS
Exploits 0 · References 6 · Affected Software 1

Positive Technologies
added 2022/06/20 12:0 a.m. · 1 views

PT-2022-20517 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.12; Parse Server versions prior to 5.2.3
Description: The issue arises from the improper handling of certain types of invalid file requests, which can cause the server to crash. The availability impact may b...

7.5 CVSS · 7.4 AI score · 0.00334 EPSS
Exploits 0 · References 9

OSV
added 2022/06/18 7:15 a.m. · 0 views

UBUNTU-CVE-2014-125008

A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue...

5.5 CVSS · 4.9 AI score · 0.00171 EPSS
Exploits 0 · References 4

Github Security Blog
added 2022/06/17 10:9 p.m. · 39 views

Authentication bypass vulnerability in Apple Game Center auth adapter

Impact: The certificate in Apple Game Center auth adapter is not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Patches: To prevent this, a new...

8.6 CVSS · 7.4 AI score · 0.00175 EPSS
Exploits 0 · References 8 · Affected Software 1

vulnersOsv
added 2022/06/17 10:9 p.m. · 1 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-31083 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-31083 Source advisory: OSV:GHSA-RH9J-F5F8-RVGC...

8.6 CVSS · 7.1 AI score · 0.00175 EPSS
Exploits 0

OSV
added 2022/06/17 10:9 p.m. · 21 views

GHSA-RH9J-F5F8-RVGC Authentication bypass vulnerability in Apple Game Center auth adapter

Impact: The certificate in Apple Game Center auth adapter is not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Patches: To prevent this, a new...

8.6 CVSS · 8 AI score · 0.00175 EPSS
Exploits 0 · References 8

NVD
added 2022/06/17 7:15 p.m. · 6 views

CVE-2022-31083

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter was not validated. As a result, authentication could potentially be bypassed by making a fake...

8.6 CVSS · 0.00175 EPSS
Exploits 0 · References 4

Prion
added 2022/06/17 7:15 p.m. · 23 views

Authentication flaw

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter was not validated. As a result, authentication could potentially be bypassed by making a fake...

5 CVSS · 7.1 AI score · 0.00175 EPSS
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2022/06/17 6:15 p.m. · 15 views

CVE-2022-31083 Authentication bypass in Parse Server Apple Game Center auth adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter was not validated. As a result, authentication could potentially be bypassed by making a fake...

8.6 CVSS · 8.4 AI score · 0.00175 EPSS
Exploits 0 · References 4

CVE
added 2022/06/17 6:15 p.m. · 87 views

CVE-2022-31083

Parse Server vulnerability CVE-2022-31083 affects the Apple Game Center auth adapter. Prior to versions 4.10.11 and 5.2.2, the certificate in this adapter was not validated, potentially allowing authentication bypass by supplying a forged certificate via certain Apple domains and an authData URL....

8.6 CVSS · 7.4 AI score · 0.00175 EPSS
Exploits 0 · References 4 · Affected Software 1

Vulnrichment
added 2022/06/17 6:15 p.m. · 4 views

CVE-2022-31083 Authentication bypass in Parse Server Apple Game Center auth adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter was not validated. As a result, authentication could potentially be bypassed by making a fake...

8.6 CVSS · 8.2 AI score · 0.00175 EPSS
Exploits 0 · References 4

OSV
added 2022/06/17 6:15 p.m. · 13 views

CVE-2022-31083 Authentication bypass in Parse Server Apple Game Center auth adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter was not validated. As a result, authentication could potentially be bypassed by making a fake...

8.6 CVSS · 7.5 AI score · 0.00175 EPSS
Exploits 0 · References 6

CNNVD
added 2022/06/17 12:0 a.m. · 4 views

Parse Server trust management issue vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A trust management issue vulnerability exists in versions of Parse Server prior to 5.2.2 that stems from an unvalidated certificate in the Apple Game Center authentication adapter, which can be...

8.6 CVSS · 7.5 AI score · 0.00175 EPSS
Exploits 0 · References 5