6716 matches found
PT-2022-3535 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.11 and 5.2.2. Description: The issue is related to the lack of validation of the certificate in the Parse Server Apple Game Center auth adapter. This could potentially allow authentication to be bypassed by...
CVE-2022-20208
In parseRecursively of cppborparse.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID...
CVE-2022-20165
In asn1parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
Cross Site Scripting via Improper Input Validation
Description: Version 5.0.8 of the parse-url parser does not check the :// characters between protocols. This causes spoofing of the javascript protocol itself. Additionally, protocol spoofing does not occur in url-parse, new URL, or url.parse, only in parse-url. Proof of Concept: const parseU...
CVE-2022-32978
There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan...
CVE-2022-24969
Bypass of CVE-2021-25640: In Apache Dubbo prior to 2.6.12 and 2.7.15, use of the parseURL method leads to a bypass of the white host check, which can cause an open redirect or SSRF vulnerability...
Bypass of last fix
Description: The last fix can be bypassed because in this line we should consider the case \r\r or even \r too. Proof of Concept (javascript): const http = require("http"); const parseUrl = require("parse-url"); const url = parseUrl('jav\r\r\rascript://%0aalert(1)'); console.log(url); const server =...
Arbitrary Command Execution
jmespath is vulnerable to arbitrary command execution. An attacker is able to inject and execute arbitrary commands due to the unsafe usage of JSON.load where JSON.parse is preferable...
CVE-2022-32511
jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...
OSV-2022-452 Stack-buffer-overflow in parse_regex
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47780 Crash type: Stack-buffer-overflow READ 1 Crash state: parseregex cliregex2suffix regexlistaddpattern...
CVE-2021-42196
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traitsparse located in abc.c. It allows an attacker to cause Denial of Service...
swftools Code Issue Vulnerability
Swftools is a set of utilities for working with Adobe Flash files (SWF files). swftools 2020-12-22 and earlier versions are vulnerable to a null pointer dereference, which stems from the presence of a NULL pointer dereference in the function traitsparse located in abc.c. An attacker could exploit...
CLSA-2022-1654106859 Fix CVE(s): CVE-2022-0391
SECURITY UPDATE: Injection attack - debian/patches/CVE-2022-0391.patch: sanitize urls in urllib.parse when containing ASCII newline and tabs in Doc/library/urllib.parse.rst, Lib/test/test_urlparse.py, Lib/urllib/parse.py. - CVE-2022-0391...
PT-2022-3342 · Linux +9 · Linux Kernel +9
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw in the Linux kernel's nft_set_desc_concat_parse function allows an attacker to trigger a buffer overflow, causing a denial of service and possibly allowing the execution of...
CVE-2022-29358
epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in parsespecialtag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XML file...
epub2txt2 Input Validation Error Vulnerability
epub2txt is a simple command-line utility for extracting text from an EPUB document and optionally rearranging it to fit a specific number of columns of text to be displayed. epub2txt2 version v2.04 is vulnerable to a denial-of-service vulnerability stemming from an integer overflow error in the...
MediaWiki Cross-site Scripting (XSS) vulnerability
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss and turns it into a jQuery object with mw.message.parse. The expected result is that the jQuery object does not contain an tag or it does...
CVE-2019-14291
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3...
Xepor - Web Routing Framework For Reverse Engineers And Security Researchers, Brings The Best Of Mitmproxy And Flask
Xepor (pronounced /ˈzɛfə/, zephyr) is a web routing framework for reverse engineers and security researchers. It provides a Flask-like API for hackers to intercept and modify HTTP requests and/or HTTP responses in a human-friendly coding style. This project is meant to be used with mitmproxy. User wri...