libjpeg 安全漏洞

libjpeg is a C language library for processing JPEG format image data. It includes JPEG decoding, JPEG encoding and other JPEG functions. A security vulnerability exists in libjpeg that stems from an uncaught floating-point exception in the function ACLosslessScan::ParseMCU located in...

DEBIAN-CVE-2021-33362

Stack buffer overflow in the hevcparsevpsextension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

UBUNTU-CVE-2021-33362

Stack buffer overflow in the hevcparsevpsextension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

GPAC 缓冲区错误漏洞

GPAC is a multimedia framework for rich media and is distributed under the LGPL license. hevcparsevpsextension function in MP4Box in GPAC version 1.0.1 is vulnerable to a stack buffer overflow. An attacker could exploit the vulnerability via specially crafted files to cause a denial of service or...

com.alibaba.otter:canal.deployer (>=1.1.7 <=1.1.8), com.alibaba.otter:canal.instance.core (>=1.1.7 <=1.1.8) +90 more potentially affected by CVE-2021-37137 via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.10.Final)

org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2021-37137 Source advisory: OSV:GHSA-9VJP-V76F-G363...

Incorrect version tags linked to external repository

Impact A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write access to the repository. The code to which these tags linked has not been reviewed or approved by Parse...

GHSA-593V-WCQX-HQ2W Incorrect version tags linked to external repository

Impact A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write access to the repository. The code to which these tags linked has not been reviewed or approved by Parse...

Denial Of Service

parse-server is vulnerable to denial of service. The vulnerability exists due to An attacker is able to crash the system by sending a query request containing an invalid explain option value...

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2021-39187 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2021-39187 Source advisory: OSV:GHSA-XQP8-W826-HH6X...

Parse Server crashes with query parameter

Impact Parse Server crashes when if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. Patches Upgrade to Parse Server 4.10.3...

GHSA-XQP8-W826-HH6X Parse Server crashes with query parameter

Impact Parse Server crashes when if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. Patches Upgrade to Parse Server 4.10.3...

CVE-2021-39187

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...

CVE-2021-39187

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...

Design/Logic Flaw

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...

CVE-2021-39187

CVE-2021-39187 affects Parse Server prior to 4.10.3. The vulnerability arises from the MongoDB Node.js driver: when a query request contains an invalid value for the explain option, the driver throws an exception that Parse Server cannot catch, causing a crash. A patch exists in Parse Server 4.10...

CVE-2021-39187 Crash server with query parameter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...

Parse Server 注入漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An injection vulnerability exists in versions of Parse Server prior to 4.10.3, which can cause the Parse Server to crash if a query request contains an invalid value for the "explain" option. T...

PT-2021-22444 · Unknown · Parse Server +1

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.3 Description: The issue occurs when a query request contains an invalid value for the explain option, causing Parse Server to crash due to a bug in the MongoDB Node.js driver that throws an exception Parse...

GHSA-G452-6RFC-VRVX Prototype Pollution in open-graph

This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a proto or constructor payload...

Prototype Pollution

Overview algoliasearch-helper is a Helper for implementing advanced search features with algolia Affected versions of this package are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against...