PT-2022-26111 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.3.3 Parse Server versions prior to 4.10.20 Description: A compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server...

CVE-2022-41878 Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...

CVE-2022-39396 Parse Server vulnerable to Remote Code Execution via prototype pollution in MongoDB BSON parser

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a...

CVE-2022-41879 Parse Server subject to Prototype pollution via Cloud Code Webhooks

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server...

CVE-2022-41878 Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...

CVE-2022-39891

Heap overflow vulnerability in parsepce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information...

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-41878 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-41878 Source advisory: OSV:GHSA-XPRV-WVH7-QQQX...

Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers

Impact Keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the requestKeywordDenylist option. Patches Improved keyword detection. Workarounds...

GHSA-XPRV-WVH7-QQQX Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers

Impact Keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the requestKeywordDenylist option. Patches Improved keyword detection. Workarounds...

Parse Server 安全漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server 4.10.18 through versions prior to 5.3.1 on the 5.X branch, which stems from the fact that an attacker can use a prototype contamination receiver ...

SAMSUNG Editor Lite 缓冲区错误漏洞

SAMSUNG Editor Lite is a video editor from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Editor Lite versions prior to 4.0.41.3, which is caused by a heap overflow in the parsepce function in libsavsaudio.so, which can be exploited by an attacker to obtain...

CVE-2022-39891

Heap overflow vulnerability in parsepce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information...

PT-2022-25084 · Unknown · Libsavsaudio.So +1

Name of the Vulnerable Software and Affected Versions: Editor Lite versions prior to 4.0.41.3 Description: A heap overflow vulnerability exists in the parse pce function in libsavsaudio.so of Editor Lite. This issue allows an attacker to obtain information. Recommendations: For versions prior to...

PT-2022-26110

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 4.10.19 Parse Server versions prior to 5.3.2 Description The issue allows keywords specified in the requestKeywordDenylist option to be injected via Cloud Code Webhooks or Triggers, resulting in the keyword being...

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-39396 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-39396 Source advisory: OSV:GHSA-PRM5-8G2M-24GG...

Remote code execution via MongoDB BSON parser through prototype pollution

Impact An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. Patches Prevent prototype pollution in MongoDB database adapter. Workarounds Disable remote code execution through the MongoDB BSON parser. Collaborators Mikhail Shcherbako...

golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

kernel: buffer overflow in nft_set_desc_concat_parse()

A vulnerability was found in the Linux kernel's nftsetdescconcatparse function .This flaw allows an attacker to trigger a buffer overflow via nftsetdescconcatparse , causing a denial of service and possibly to run code...

kernel: buffer overflow in nft_set_desc_concat_parse()

A vulnerability was found in the Linux kernel's nftsetdescconcatparse function .This flaw allows an attacker to trigger a buffer overflow via nftsetdescconcatparse , causing a denial of service and possibly to run code...

PT-2022-36753 · Git +1 · Opensis

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue is reported, with a crash type indicating a heap-buffer-overflow READ 1. The crash state involves functions such as par...