GHSA-H4MF-75HF-67W4 Information disclosure in parse-server

you can fetch all the users' objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken "SessionToken":"$regex":"r:027f" and find valid accounts this way. Using this method, it's possible to retrieve accounts without interaction from the users. GET...

Information disclosure in parse-server

you can fetch all the users' objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken "SessionToken":"$regex":"r:027f" and find valid accounts this way. Using this method, it's possible to retrieve accounts without interaction from the users. GET...

CVE-2020-5251 Information disclosure in parse-server

In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way...

CVE-2020-1815

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while...

DEBIAN-CVE-2020-8124

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...

CVE-2020-8124

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...

CVE-2020-8124

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...

UBUNTU-CVE-2020-8124

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...

CVE-2020-8124

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...

CVE-2020-8124

CVE-2020-8124 refers to a vulnerability in the url-parse npm package (versions

PT-2020-19961 · Npm +2 · Url-Parse +2

Name of the Vulnerable Software and Affected Versions: url-parse versions 1.4.4 and earlier Description: The issue is related to insufficient validation and sanitization of user input in the url-parse npm package, which may allow an attacker to bypass security checks. Recommendations: For version...

Cross-Site Scripting (XSS)

url-parse is vulnerable to cross-site scripting XSS. The vulnerability exists as the unsanitized value of address in index.js could be used to bypass validation checks when used in the browser...

Fedora: Security Advisory for podofo (FEDORA-2020-dd79b615cd)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 31 Update: podofo-0.9.6-9.fc31

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1549)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c

A flaw was found in the mwifiex implementation in the Linux kernel. A system connecting to wireless access point could be manipulated by an attacker with advanced permissions on the access point into localized memory corruption or possibly privilege escalation...

Denial Of Service (DoS)

libsass.so is vulnerable to buffer over-read vulnerability. When an attacker passes a malicious argument, it causes a parse error in parseiekeywordarg, leading to the argument kwdarg to be unfreed and a buffer over-read...

CVE-2020-2092

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

CVE-2020-2092

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...