6926 matches found
CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
Design/Logic Flaw
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
CVE-2021-22960
The parse function in llhttp 2.1.4 and 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling HRS under certain conditions...
PT-2021-11262 · Easy-Xml · Easy-Xml
Name of the Vulnerable Software and Affected Versions: Easy-XML version 0.5.0 Description: The issue allows an attacker to expose sensitive data or perform a denial of service via a crafted external entity entered into the XML content as input. This is due to a XML External Entity XXE vulnerabili...
CLSA-2021-1635459208 Fix CVE(s): CVE-2021-25217
SECURITY UPDATE: buffer overrun in common code parseX - debian/patches/CVE-2021-25217.patch: fix incorrect order of operations in common/parse.c. - CVE-2021-25217...
Buffer overflow
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USBHostParseDeviceConfigurationDescriptor...
CVE-2021-38260
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USBHostParseDeviceConfigurationDescriptor...
CVE-2021-38260
CVE-2021-38260 affects NXP MCUXpresso SDK v2.7.0. A buffer overflow in USB_HostParseDeviceConfigurationDescriptor() could cause memory corruption. CVSSv3.1 base score 7.8 (LOCAL, LOW exploitability, LOW privileges, NONE user interaction) with HIGH impact on confidentiality, integrity, and availab...
UBUNTU-CVE-2021-42327
dplinksettingswrite in drivers/gpu/drm/amd/display/amdgpudm/amdgpudmdebugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parsewritebufferintoparam...
GHSA-3448-VRGH-85XR NULL Pointer Dereference in OpenCV.
An issue was discovered in OpenCV before 4.1.1 OpenCV-Python before 4.1.1.26. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp...
DEBIAN-CVE-2020-22679
Memory leak in the sgpdparseentry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service DoS via a crafted input...
DEBIAN-CVE-2020-22673
Memory leak in the sencParse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service DoS via a crafted input...
GO-2021-0113 Out-of-bounds read in golang.org/x/text/language
Due to improper index calculation, an incorrectly formatted language tag can cause Parse to panic via an out of bounds read. If Parse is used to process untrusted user inputs, this may be used as a vector for a denial of service attack...
LiveQuery publishes user session tokens in parse-server
Impact For regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the Parse.User class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2021-41109 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2021-41109 Source advisory: OSV:GHSA-7PR3-P5FM-8R9X...
GHSA-7PR3-P5FM-8R9X LiveQuery publishes user session tokens in parse-server
Impact For regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the Parse.User class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery...
CVE-2021-41109
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...
CVE-2021-41109
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...