Go-CVSS 缓冲区错误漏洞

Go-CVSS is a low-allocation Go module from the Lucas TESSON personal developer. It is used to operate the Common Vulnerability Scoring System CVSS. A buffer error vulnerability exists in Go-CVSS versions prior to v0.4.0, which stems from a potential out-of-bounds read due to lack of testing when...

CVE-2022-2900

Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...

CVE-2022-2900

Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...

CVE-2022-2900

CVE-2022-2900 affects the npm package parse-url (GitHub: ionicabizau/parse-url) up to version 8.0.x; it is a Server-Side Request Forgery (SSRF) vulnerability that could allow a remote attacker to induce the server to perform requests on its behalf. The NVD/CVSS data assign a 9.1 CRITICAL base sco...

CVE-2022-2900 Server-Side Request Forgery (SSRF) in ionicabizau/parse-url

Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...

The vulnerability of the `cgroup1_parse_param` function in the kernel/cgroup/cgroup-v1.c file of the Linux operating system allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the cgroup1parseparam function in the kernel/cgroup/cgroup-v1.c file of the Linux operating system is related to the lack of checks to ensure that the source parameter is indeed a string. Exploiting this vulnerability could allow an attacker to access confidential data,...

parse-url 代码问题漏洞

parse-url is an advanced url parser with git url support by the individual developer Ionică Bizău. A security vulnerability exists in parse-url versions prior to 8.1.0. An attacker exploited the vulnerability to perform a server-side request forgery attack...

CVE-2022-20385

a function called 'nlaparse', do not check the len of para, it will check nlatype which can be controlled by userspace with 'maxtype' in this case, it is GSCANMAX, then it access polciy array 'policytype', which OOB access happens.Product: AndroidVersions: Android SoCAndroid ID: A-238379819...

mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations

MariaDB through 10.5.9 allows a sqlparse.cc application crash because of incorrect usedtables expectations...

ruby: Cookie prefix spoofing in CGI::Cookie.parse

A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...

python: urllib.parse does not sanitize URLs containing ASCII newline and tabs

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

PT-2022-14610 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions affected versions not specified Description: The issue is related to a function called nla parse, which fails to check the length of a parameter, allowing userspace to control nla type. This can lead to out-of-bounds OOB acce...

PT-2022-7370 · Unknown +7 · Frrouting Frr +7

Name of the Vulnerable Software and Affected Versions: FRRouting FRR versions prior to 8.4 Description: The issue is related to an out-of-bounds read in the BGP daemon of FRRouting FRR. This can lead to a segmentation fault and denial of service. The problem occurs in the bgp capability msg parse...

OESA-2022-1904 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Protobuf-c v1.4.0 was discovered to contain an invalid...

Information Disclosure

parse-server is vulnerable to information disclosure. An unauthorized attacker is able to gain access to sensitive user information because of lack of validation in the search pattern...

CVE-2022-36079

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

Code injection

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

CVE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

CVE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...