All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-20…
[fast-string-search] Out-of-bounds Read in fast-string-search
All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory.
References
htt…
[parse-server] Authentication bypass vulnerability in Apple Game Center auth adapter
Impact
The certificate in the Apple Game Center auth adapter is not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData…
[inventree] XSS Vulnerability in Markdown Editor
Impact
InvenTree uses EasyMDE for displaying markdown text in various places (e.g. for the various “notes” fields associated with various models).
By default, EasyMDE does not sanitize input data, and it is possible for malicious code to be injected in…
[brotkrueml/typo3-matomo-integration] Cross-Site Scripting
The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.
References
https://github.com/FriendsOfPHP/security-advisories/blob/master/brotkrueml/typo3-matomo-int…
[brotkrueml/schema] Cross-Site Scripting
The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.
References
https://github.com/FriendsOfPHP/security-advisories/blob/master/brotkrueml/schema/CVE-2022-…
[OPCFoundation.NetStandard.Opc.Ua] Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua
A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out-of-memory exception with a carefully crafted message.
References
https://github.com/OPCFoundation/UA-.NETStandard/secur…
[OPCFoundation.NetStandard.Opc.Ua] Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua
A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out-of-memory exception by sending a large number of message chunks.
References
https://github.com/OPCFoundation/UA-.NETSta…
[OPCFoundation.NetStandard.Opc.Ua] Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua
A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client or server to bypass the application authentication mechanism and allow a connection to an untrusted peer.
References
https://github.com/OPCFoundation/UA-…
[OPCFoundation.NetStandard.Opc.Ua] Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua
A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to trigger a stack overflow exception in a server that exposes an HTTPS endpoint.
References
https://github.com/OPCFoundation/UA-.NETStandard/security/advi…