6928 matches found
PT-2022-37287 · Git +1 · Bluez
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 4 crash has been reported. The crash involves the following functions: element end, emit end element, and g markup parse...
PT-2022-34265 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.211 Description: A refcount leak was discovered in the qcom_smd_parse_edge function of the rpmsg: qcom_smd module. The actual impact and attack plausibility of this issue have not yet been proven...
PT-2022-33828 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 4.9 through 5.15.60 Description: The issue is related to a refcount leak in the qcom_smd_parse_edge function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-36079 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-36079 Source advisory: OSV:GHSA-2M6G-CRV8-P3C6...
GHSA-2M6G-CRV8-P3C6 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Impact: Internal fields (keys used internally by Parse Server, prefixed by `_`) and protected fields (user defined) can be used as query constraints. Internal and protected fields are removed by Parse Server from query results and are only returned to the client using a valid master key. However, using...
Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Impact: Internal fields (keys used internally by Parse Server, prefixed by `_`) and protected fields (user defined) can be used as query constraints. Internal and protected fields are removed by Parse Server from query results and are only returned to the client using a valid master key. However, using...
DEBIAN-CVE-2022-40149
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack...
GHSA-PQW5-JMP5-PX4V parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...
PT-2022-33419 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: A NULL pointer dereference issue exists in the dev_parse_header_protocol function when skb->dev is null. This issue was introduced in version v5.12 and is fixed in Linux Kernel version v5.19....
CVE-2022-3224
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...
Design/Logic Flaw
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...
CVE-2022-3224
CVE-2022-3224 concerns the parse-url npm package by Ionică Bizău, affected in versions prior to 8.1.0. The root cause is a misinterpretation of input that leads to incorrect parsing of http/https URLs (e.g., misclassifying the URL protocol as ssh and misparsing the hostname). Reported impacts inc...
CVE-2022-3224 Misinterpretation of Input in ionicabizau/parse-url
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...
Server-Side Request Forgery (SSRF)
parse-url is vulnerable to server-side request forgery. The vulnerability exists in the parseUrl function in index.js because it does not validate the URL or properly detect the protocol, resource, pathname and user parameters, which allows an attacker to cause an SSRF bypass via a crafted URL...
GHSA-J9FQ-VWQV-2FM2 Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0...
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0...
parse-url security vulnerability
parse-url is an advanced url parser with git url support by the individual developer Ionică Bizău. A security vulnerability exists in parse-url prior to version 8.1.0, which stems from the fact that parse-url incorrectly parses the https url that follows it, identifying its protocol as ssh, and...