4 matches found
BIT-PARSE-2026-30966 Parse Server role escalation and CLP bypass via direct `_Join` table write
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2 and 8.6.20, Parse Server's internal tables, which store Relation field mappings such as role memberships, can be directly accessed via the REST API or GraphQL API by any client...
net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.
A flaw was found in net-snmp. A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference issue...
x86 PV guests may be able to mask interrupts
ISSUE DESCRIPTION Certain PV guest kernel operations page table writes in particular need emulation, and use Xen's general x86 instruction emulator. This allows a malicious guest kernel which asynchronously modifies its instruction stream to effect the clearing of EFLAGS.IF from the state used to...
xen-kernel -- x86 PV guests may be able to mask interrupts
The Xen Project reports: Certain PV guest kernel operations page table writes in particular need emulation, and use Xen's general x86 instruction emulator. This allows a malicious guest kernel which asynchronously modifies its instruction stream to effect the clearing of EFLAGS.IF from the state...