Elasticsearch Uncaught Exception leading to crash

An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

domain-suffix RegEx Denial of Service

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function. PoC js async function exploit const domainsuffix = require"domain-suffix"; // Crafting a string that will cause excessive backtracking const maliciousInput =...

CVE-2024-25354

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...

CVE-2024-25354

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...

CVE-2024-25354

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...

PT-2024-20898 · Unknown · Domain-Suffix

Name of the Vulnerable Software and Affected Versions: domain-suffix version 1.0.8 Description: The issue allows attackers to crash the application via crafted input to the parse function, resulting in a Denial of Service. This is achieved through a RegEx Denial of Service in the domain-suffix...

PT-2024-40680 · Git +1 · Quickjs

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash state includes functions such as emit goto, emit class field init, and js parse function...

domain-suffix 安全漏洞

domain-suffix is a Node.js package. A security vulnerability exists in domain-suffix version 1.0.8, which stems from a vulnerability that allows an attacker to crash an application using crafted input via the parse function...

LLVM 安全漏洞

LLVM is a toolkit for building highly optimized compilers, optimizers and runtime environments for LLVM. A security vulnerability exists in LLVM version 15.0.0 due to a NULL pointer dereference vulnerability found in the parseOneMetadata function...

CVE-2024-25354

CVE-2024-25354 affects domain-suffix 1.0.8 (Node.js) with a RegEx Denial of Service in the parse function that can crash the application when given crafted input. Root cause: excessive backtracking in the regular expression. Impact: denial of service/crash; exploitation details are provided in pu...

expat: parsing large tokens can trigger a denial of service

A flaw was found in Expat libexpat. When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service...

PT-2024-40673 · Git +1 · Htslib

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a negative-size-param, as reported by OSS-Fuzz. The crash occurs in the following functions: vcf parse format,...

Improper Input Validation

parse-server is vulnerable to Improper Input Validation. The vulnerability is due to insufficient string sanitation for Cloud Function or Cloud Job names, which allows an attacker to crash the server, manipulate internal object storage, or potentially execute arbitrary code...

BIT-PARSE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remo...

VulnCheck KEV: CVE-2022-0185

Linux kernel contains a heap-based buffer overflow vulnerability in the legacyparseparam function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges...

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +25 more potentially affected by CVE-2024-29027 via parse-server (>=2.0.8 <=6.5.11)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2024-29027 Source advisory: OSV:GHSA-6HH7-46R2-VF29...

GHSA-6HH7-46R2-VF29 Server crashes on invalid Cloud Function or Cloud Job name

Impact Calling an invalid Parse Server Cloud Function name or Cloud Job name crashes server and may allow for code injection. Patches Added string sanitation for Cloud Function name and Cloud Job name. Workarounds Sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server...

Server crashes on invalid Cloud Function or Cloud Job name

Impact Calling an invalid Parse Server Cloud Function name or Cloud Job name crashes server and may allow for code injection. Patches Added string sanitation for Cloud Function name and Cloud Job name. Workarounds Sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server...

CVE-2024-29027

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

CVE-2024-29027

Parse Server vulnerability CVE-2024-29027 affects versions prior to 6.5.5 and 7.0.0-alpha.29, where calling an invalid Cloud Function name or Cloud Job name can crash the server and may allow code injection, internal store manipulation, or remote code execution. The fix was implemented in 6.5.5 a...