CVE-2022-36079

CVE-2022-36079 affects Parse Server. Internal/protected fields (prefixed with '_') can be used as query constraints, and before fixes users could enumerate these fields to elicit a response object. This vulnerability existed prior to patches in versions 4.10.14 and 5.2.5, which require the master...

CVE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

CVE-2022-40023

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...

Parse Server 信息泄露漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An information disclosure vulnerability exists in Parse Server versions prior to 4.10.14 and prior to 5.2.5, which stems from the use of query constraints that can be enumerated to guess these...

PT-2022-23167 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.14 Parse Server versions prior to 5.2.5 Description: Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. These fields are...

WithSecure fsicapd 安全漏洞

WithSecure products is a series of security software from the Finnish company WithSecure. A security vulnerability exists in WithSecure fsicapd, which stems from the presence of a denial of service DoS that could crash while parsing a scan request...

Input validation

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow...

CVE-2022-38749 DoS in SnakeYAML

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow...

PT-2022-7436 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a refcount leak bug in the of xudma dev get function within the dmaengine component of the Linux kernel. This bug can be exploited to cause a denial of service...

CVE-2022-36647

PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parsesequenceheader at source/common/header.cc:269...

UBUNTU-CVE-2022-36647

PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parsesequenceheader at source/common/header.cc:269...

CVE-2022-36647

PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parsesequenceheader at source/common/header.cc:269...

Aced - Tool to parse and resolve a single targeted Active Directory principal's DACL

Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDS of the inbound permissions, and present that data to the operator. Additionally, the logging...

PKUVCL davs2 安全漏洞

davs2 is an open source decoder for AVS2-P2/IEEE1857.4 video coding standard open source by PKUVCL in China. A security vulnerability exists in PKUVCL davs2 v1.6.205, which stems from a global buffer overflow in the parsesequenceheader function in its source/common/header.cc:269 component...

PT-2022-23527 · Unknown · Pkuvcl Davs2

Name of the Vulnerable Software and Affected Versions: PKUVCL davs2 version 1.6.205 Description: A global buffer overflow was discovered in the parse sequence header function at source/common/header.cc:269. This issue affects the specified version of PKUVCL davs2. Recommendations: For PKUVCL davs...

DEBIAN-CVE-2020-35535

In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF" function libraw\src\metadata\sony.cpp when processing srf files...

mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations

MariaDB through 10.5.9 allows a sqlparse.cc application crash because of incorrect usedtables expectations...

PT-2022-8938 · Libraw · Libraw

Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is an out-of-bounds read vulnerability within the LibRaw::parseSonySRF function when processing srf files. This occurs in the file librawsrcmetadatasony.cpp. Recommendations: At th...

The vulnerabilities of the functions parse_hello_subtlv(), parse_ihu_subtlv(), and parse_update_subtl() in the software for implementing network routing on Unix-like systems allow a hacker to execute arbitrary code.

The vulnerability of the functions parsehellosubtlv, parseihusubtlv, and parseupdatesubtl babeld/message.c of the software tool for implementing networking routing on Unix-like systems is related to the escape of operations outside of the buffer in memory. Exploiting this vulnerability could allo...

CVE-2022-37768

libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer...