6927 matches found
CVE-2021-41109
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...
Session fixation
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...
CVE-2021-41109
CVE-2021-41109 refers to a vulnerability in Parse Server where, before version 4.10.4, LiveQuery payloads leaked session tokens for users with a LiveQuery subscription on the Parse.User class. The root cause is that LiveQuery payloads included session tokens while regular queries did not. The adv...
CVE-2021-41109 LiveQuery publishes user session tokens
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...
Parse Server information disclosure vulnerability
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server suffers from an information disclosure vulnerability that stems from the fact that for regular non-LiveQuery queries, session tokens are removed from the response, but not currentl...
PT-2021-23094 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.4 Description: The issue concerns the exposure of session tokens in LiveQuery payloads for users with a LiveQuery subscription on the Parse.User class. Normally, session tokens are removed from responses fo...
aurelia path code injection vulnerability
aurelia path is part of the aurelia platform and contains utilities for path operations. A code injection vulnerability exists in aurelia path that exposes Aurelia applications that use the aurelia-path package to parse strings. No detailed vulnerability details are provided at this time...
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
LibreSSL buffer error vulnerability
LibreSSL is an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. `x509_constraints_parse_mailbox` in lib/libcrypto/x509/x509_constraints.c in LibreSSL 3.4.0 and earlier versions has a stack buffer overflow vulnerability. No detailed vulnerability...
USN-5085-1: SQL parse vulnerability
It was discovered that SQL parse incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service...
Ubuntu 21.04 : SQL parse vulnerability (USN-5085-1)
The remote Ubuntu 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-5085-1 advisory. It was discovered that SQL parse incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. Tenable has...
CVE-2021-39596
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function `code_parse` located in code.c. It allows an attacker to cause Denial of Service...
CVE-2021-39589
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function `parse_metadata` located in abc.c. It allows an attacker to cause Denial of Service...
DEBIAN-CVE-2021-39515
An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function SampleInterleavedLSScan::ParseMCU located in sampleinterleavedlsscan.cpp. It allows an attacker to cause Denial of Service...
UBUNTU-CVE-2021-39589
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function `parse_metadata` located in abc.c. It allows an attacker to cause Denial of Service...
The vulnerability in the `parser_parse_statements` function of the `js-parser-statm.c` component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform, related to the insufficient use of the `assert()` function, allows an attacker to trigger a service failure.
The vulnerability of the `parser_parse_statements` function in the `js-parser-statm.c` component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform is related to incorrect comparisons. Exploiting this vulnerability could allow a remote attacker to cause a service...
The vulnerability in the `lexer_parse_number` function of the `js-lexer.c` component of the JavaScript engine for Internet of Things applications, JerryScript, and the IoT.js platform, related to buffer overflows, allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of the `lexer_parse_number` function in the `js-lexer.c` component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform is related to buffer overflow attacks. Exploiting this vulnerability could allow an attacker to gain access to confidential dat...