![]() ![]() Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. This vulnerability has been patched in version 3.0.1. The amount of CPU time required can block worker processes from handling legitimate requests. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. Werkzeug is a comprehensive WSGI web application library. In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. This could lead to an out-of-bounds read. ![]() Santesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could allow an attacker to execute code in the context of the current process. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.ĭelta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. ![]() A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |