Privilege escalation
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...
Denial Of Service (DoS)
parse-server is vulnerable to Denial of Service. The vulnerability is due to improper validation on the file upload mechanism. The attacker can exploit this issue by uploading a file without any extension resulting in an application crash...
CVE-2023-46119 Parse Server may crash when uploading file without extension
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...
CVE-2023-46119
Parse Server vulnerability CVE-2023-46119 causes crashes during file upload when no extension is provided. Affected software: Parse Server (Node.js backend). Root cause (as described in sources): crash due to handling of file uploads without an extension, leading to denial of service-like disrupt...
Parse Server Path Traversal Vulnerability
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server that stems from the application crashing when uploading files with no extension...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2023-46119 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2023-46119 Source advisory: OSV:GHSA-792Q-Q67H-W579...
GHSA-792Q-Q67H-W579 Parse Server may crash when uploading file without extension
Impact: Parse Server crashes when uploading a file without extension. Patches: A permanent fix has been implemented to prevent the server from crashing. Workarounds: There are no known workarounds. References: GitHub security advisory:...
Parse Server may crash when uploading file without extension
Impact: Parse Server crashes when uploading a file without extension. Patches: A permanent fix has been implemented to prevent the server from crashing. Workarounds: There are no known workarounds. References: GitHub security advisory:...
PT-2023-29852 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.5.6; Parse Server versions prior to 6.3.1. Description: Parse Server crashes when uploading a file without extension. This issue has been patched in versions 5.5.6 and 6.3.1. Recommendations: For versions prior ...
CVE-2023-46316
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines...
CVE-2023-5132
The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerc...
golang: go/parser: Infinite loop in parsing
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...
UBUNTU-CVE-2023-29453
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
Improper Input Validation
Overview: johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Improper Input Validation due to insufficient input validation in the parse_media_shortcode AJAX function. An attacker can manipulate the shortcode outpu...
PT-2023-35524 · Git +1 · Opensc
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. The crash state indicates involvement of the iasecc parse get tlv, iasecc parse docp, and iase...
OSV-2023-989 Heap-buffer-overflow in load_sections_64
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63074 Crash type: Heap-buffer-overflow READ Crash state: load_sections_64 parse_classes_64 classes...
PT-2023-36067 · Git +1 · Radare2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read crash has been reported. The crash involves the load sections 64, parse classes 64, and classes functions. No information is...
CVE-2023-44386 Incorrect request error handling triggers server crash in Vapor
Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2...