GHSA-WVH7-5P38-2QFC Storing Password in Local Storage
The setPassword method (http://parseplatform.org/Parse-SDK-JS/api/2.9.1/Parse.User.html#setPassword) stores the user's password in localStorage as raw text, making it vulnerable to anyone with access to your localStorage. We believe this is the only time that password is stored at all. In the...
Authorization Bypass
parse-server is vulnerable to authorization bypass. The vulnerability exists in the GraphQL viewer where an authenticated user can bypass the read security restrictions, and all objects linked through relation, placed on his User object...
GraphQL: Security breach on Viewer query
Impact An authenticated user using the viewer GraphQL query can bypass all read security on his User object and can also bypass all objects linked via relation or Pointer on his User object. Patches This vulnerability has been patched in Parse Server 4.3.0. Workarounds No References See commit...
GHSA-236H-RQV8-8Q73 GraphQL: Security breach on Viewer query
Impact An authenticated user using the viewer GraphQL query can bypass all read security on his User object and can also bypass all objects linked via relation or Pointer on his User object. Patches This vulnerability has been patched in Parse Server 4.3.0. Workarounds No References See commit...
OSV-2020-1165 Global-buffer-overflow in parse_headers
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14154 Crash type: Global-buffer-overflow READ 4 Crash state: parseheaders parsehttprequest fuzzparsehttprequest...
OSV-2020-855 Use-of-uninitialized-value in read_uleb128
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6402 Crash type: Use-of-uninitialized-value Crash state: readuleb128 dexparse dexload...
Huawei Data Communication: Read and parse display mpls rsvp-te interface
Get mpls rsvp-te interface configuration of the VRP device. Please set screen-length of user-interface to 0, otherwise not all configurations are returned. Note: This script only stores information for other Policy Controls. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might b...
Huawei Data Communication: Read and parse display mpls ldp session verbose
Get mpls ldp session configuration of the VRP device. Please set screen-length of user-interface to 0, otherwise not all configurations are returned. Note: This script only stores information for other Policy Controls. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be...
CVE-2020-12425
Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...
The vulnerability of the phar_parse_pharfile function (xt/phar/phar.c) in the PHP programming language allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the phar_parse_pharfile function (xt/phar/phar.c) in the PHP programming language involves reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
gettext: double free in default_add_message in read-catalog.c
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt...
UBUNTU-CVE-2020-15570
The parse_report function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2020-44565)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A buffer overflow vulnerability exists in Date.parse in versions prior to Mozilla Firefox 78. An attacker can exploit this vulnerability to obtain sensitive information...
Ntop nDPI Buffer Overflow Vulnerability (CNVD-2020-36698)
Ntop nDPI is an open source library for deep packet inspection from Ntop Italy. A buffer overflow vulnerability exists in the ndpi_parse_packet_line_info function in the lib/ndpi_main.c file in Ntop nDPI 3.2 and earlier versions. The vulnerability stems from a network system or product performing operations in...
DEBIAN-CVE-2020-15471
In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c...
OSV-2020-605 Global-buffer-overflow in parse_headers
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14232 Crash type: Global-buffer-overflow READ 4 Crash state: parseheaders parsehttprequest fuzzparsehttprequest...
OSV-2020-394 Global-buffer-overflow in parse_headers
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14529 Crash type: Global-buffer-overflow WRITE 8 Crash state: parseheaders parsehttprequest fuzzparsehttprequest...
OSV-2020-373 UNKNOWN READ in url_decode
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14501 Crash type: UNKNOWN READ Crash state: urldecode parsekeyvalues fuzzparsehttprequest...
OSV-2020-328 UNKNOWN READ in dotnet_parse_tilde_2
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16448 Crash type: UNKNOWN READ Crash state: dotnetparsetilde2 dotnetparsetilde dotnetparsecom...
PT-2020-14438
Name of the Vulnerable Software and Affected Versions: nDPI versions prior to 3.2. Description: The packet parsing code in nDPI is susceptible to a heap-based buffer over-read issue, specifically within the ndpi_parse_packet_line_info function located in lib/ndpi_main.c. Recommendations: For versions...