PT-2024-28441 · Wagtail · Wagtail

Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 5.2.6 Wagtail versions prior to 6.0.6 Wagtail versions prior to 6.1.3 Description: A bug in Wagtail's parse query string function would result in it taking a long time to process suitably crafted inputs, leading to a...

Torchbox Wagtail Security Breach

Torchbox Wagtail is an open source content management system CMS from Torchbox UK. A security vulnerability exists in Torchbox Wagtail versions 5.2.6, 6.0 through 6.0.5, and 6.1 through 6.1.2, which stems from an error in parsequerystring that causes it to take a long time to process appropriatel...

PT-2024-6122 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: InPost for WooCommerce plugin versions 1.4.0 and earlier InPost PL plugin for WordPress versions 1.4.4 and earlier Description: The issue is related to a missing capability check on the parse request function, allowing unauthorized access and...

AZL-43618 CVE-2024-39684 affecting package opencc 1.1.1-3

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...

AZL-45423 CVE-2024-39684 affecting package opencc 1.1.1-3

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...

AZL-43297 CVE-2024-39684 affecting package rapidjson for versions less than 1.1.0-8

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...

AZL-43300 CVE-2024-38517 affecting package rapidjson for versions less than 1.1.0-8

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...

AZL-43245 CVE-2024-38517 affecting package rapidjson for versions less than 1.1.0-8

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...

AZL-43315 CVE-2024-39684 affecting package ceph for versions less than 16.2.10-5

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...

DEBIAN-CVE-2024-38517

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...

AZL-45330 CVE-2024-38517 affecting package opencc 1.1.1-3

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...

UBUNTU-CVE-2024-39684

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...

kernel: smb: client: fix potential OOBs in smb2_parse_contexts()

A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2parsecontexts function. Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts...

Integer Overflow to Buffer Overflow

Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h file. An attacker can elevate privileges by sending a crafted file that triggers the overflow when parsed. Remediation There is...

BIT-PARSE-2024-39309 ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the literalizeRegexPart function. The issue results from the lack of proper validation of a...

The vulnerability of the ParseAddressList function in the net/mail package in the Go programming language, which allows attackers to perform spoofing attacks.

The vulnerability of the ParseAddressList function in the net/mail package in the Go programming language is related to insufficient checking of the names displayed by this function. Exploitation of this vulnerability could allow a malicious actor to perform spear-phishing attacks by sending...

Prototype Pollution

adolphdudu/ratio-swiper is vulnerable to Prototype Pollution. The vulnerability is due to by passing crafted arguments with the proto property using functions like extendDefaults and parse. The vulnerability allows attackers to alter the behavior of all objects inheriting from the affected...

SQL Injection

parse-server is vulnerable to SQL Injection. The vulnerability is due to improper handling of user-supplied input when configured with the PostgreSQL database, allowing malicious SQL queries to be executed...

CVE-2024-39309

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...