Weekly Vulnerabilities Reports > September 19 to 25, 2022

Overview

107 new vulnerabilities were reported during this period, including 24 critical vulnerabilities and 52 high severity vulnerabilities. This weekly summary reports vulnerabilities in 69 products from 49 vendors including Apple, Fedoraproject, Debian, ISC, and Tenda. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Out-of-bounds Read", "Use After Free", "Improper Encoding or Escaping of Output", and "Improper Verification of Cryptographic Signature".

  • 64 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 82 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 42 reported vulnerabilities.
  • Tenda has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

24 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-24 CVE-2022-23463 Nepxion Expression Language Injection vulnerability in Nepxion Discovery

Nepxion Discovery is a solution for Spring Cloud.

9.8
2022-09-23 CVE-2022-40630 Tacitine Session Fixation vulnerability in Tacitine products

This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper session management in the Tacitine Firewall web-based management interface.

9.8
2022-09-23 CVE-2022-36944 Scala Lang
Fedoraproject
Deserialization of Untrusted Data vulnerability in multiple products

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file.

9.8
2022-09-23 CVE-2022-40854 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318)

Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set

9.8
2022-09-23 CVE-2022-40855 Tenda Out-of-bounds Write vulnerability in Tenda W20E Firmware 15.11.0.6

Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'.

9.8
2022-09-23 CVE-2022-40866 Tenda Out-of-bounds Write vulnerability in Tenda W20E Firmware 15.11.0.6

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/

9.8
2022-09-23 CVE-2022-40867 Tenda Out-of-bounds Write vulnerability in Tenda W20E Firmware 15.11.0.6

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/

9.8
2022-09-23 CVE-2022-40868 Tenda Out-of-bounds Write vulnerability in Tenda W20E Firmware 15.11.0.6

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/

9.8
2022-09-23 CVE-2022-3236 Sophos Injection vulnerability in Sophos Firewall

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.

9.8
2022-09-23 CVE-2022-35951 Redis
Fedoraproject
Integer Overflow or Wraparound vulnerability in multiple products

Redis is an in-memory database that persists on disk.

9.8
2022-09-20 CVE-2022-37972 Microsoft Unspecified vulnerability in Microsoft Endpoint Configuration Manager 2103/2207

Microsoft Endpoint Configuration Manager Spoofing Vulnerability.

9.8
2022-09-20 CVE-2017-20148 Debian Unspecified vulnerability in Debian Logcheck

In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.

9.8
2022-09-20 CVE-2022-41138 Zutty Project Unspecified vulnerability in Zutty Project Zutty

In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.

9.8
2022-09-20 CVE-2022-39955 Owasp
Fedoraproject
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes.
9.8
2022-09-20 CVE-2022-39956 Owasp
Fedoraproject
Improper Encoding or Escaping of Output vulnerability in multiple products

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set.

9.8
2022-09-19 CVE-2022-3218 Necta Improper Authentication vulnerability in Necta Wifi Mouse Server 1.7.8.5

Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.

9.8
2022-09-19 CVE-2022-35914 Glpi Project Injection vulnerability in Glpi-Project Glpi

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.

9.8
2022-09-19 CVE-2022-2840 Zephyr Project Manager Project SQL Injection vulnerability in Zephyr Project Manager Project Zephyr Project Manager

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections

9.8
2022-09-24 CVE-2022-36025 Linuxfoundation Incorrect Conversion between Numeric Types vulnerability in Linuxfoundation Besu

Besu is a Java-based Ethereum client.

9.1
2022-09-23 CVE-2022-32847 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

9.1
2022-09-23 CVE-2022-39227 Python JWT Project Authentication Bypass by Spoofing vulnerability in Python-Jwt Project Python-Jwt

python-jwt is a module for generating and verifying JSON Web Tokens.

9.1
2022-09-22 CVE-2022-40186 Hashicorp Unspecified vulnerability in Hashicorp Vault

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3.

9.1
2022-09-19 CVE-2022-37032 Frrouting Out-of-bounds Read vulnerability in Frrouting

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service.

9.1
2022-09-21 CVE-2022-30578 Tibco Cross-site Scripting vulnerability in Tibco EBX Add-Ons

The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system.

9.0

52 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-23 CVE-2022-22610 Apple Unspecified vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

8.8
2022-09-23 CVE-2022-22624 Apple Use After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

8.8
2022-09-23 CVE-2022-22628 Apple Use After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

8.8
2022-09-23 CVE-2022-22637 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

8.8
2022-09-23 CVE-2022-32211 Rocket Chat SQL Injection vulnerability in Rocket.Chat

A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret.

8.8
2022-09-23 CVE-2022-32787 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

8.8
2022-09-20 CVE-2022-32886 Apple
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

A buffer overflow issue was addressed with improved memory handling.

8.8
2022-09-20 CVE-2022-32912 Apple Out-of-bounds Read vulnerability in Apple Ipados and Iphone OS

An out-of-bounds read was addressed with improved bounds checking.

8.8
2022-09-20 CVE-2022-40955 Apache Deserialization of Untrusted Data vulnerability in Apache Inlong

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server.

8.8
2022-09-19 CVE-2022-38577 Processmaker Improper Preservation of Permissions vulnerability in Processmaker 3.0.1.7/3.4.11

ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page.

8.8
2022-09-23 CVE-2022-35893 Insyde Unspecified vulnerability in Insyde Insydeh2O

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

8.2
2022-09-21 CVE-2022-2881 ISC Out-of-bounds Read vulnerability in ISC Bind

The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.

8.2
2022-09-25 CVE-2022-3297 VIM
Fedoraproject
Use After Free vulnerability in multiple products

Use After Free in GitHub repository vim/vim prior to 9.0.0579.

7.8
2022-09-25 CVE-2022-3296 VIM
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.

7.8
2022-09-23 CVE-2022-32814 Apple Type Confusion vulnerability in Apple products

A type confusion issue was addressed with improved state handling.

7.8
2022-09-23 CVE-2022-32815 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

7.8
2022-09-23 CVE-2022-32819 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

7.8
2022-09-23 CVE-2022-32820 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved input validation.

7.8
2022-09-23 CVE-2022-32826 Apple Unspecified vulnerability in Apple products

An authorization issue was addressed with improved state management.

7.8
2022-09-23 CVE-2022-32842 Apple Out-of-bounds Read vulnerability in Apple mac OS X and Macos

An out-of-bounds read issue was addressed with improved input validation.

7.8
2022-09-23 CVE-2022-2566 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 5.1

A heap out-of-bounds memory write exists in FFMPEG since version 5.1.

7.8
2022-09-23 CVE-2022-41322 Kovidgoyal
Fedoraproject
Improper Encoding or Escaping of Output vulnerability in multiple products

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution.

7.8
2022-09-22 CVE-2022-3256 VIM
Fedoraproject
Use After Free vulnerability in multiple products

Use After Free in GitHub repository vim/vim prior to 9.0.0530.

7.8
2022-09-20 CVE-2022-32908 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved input validation.

7.8
2022-09-20 CVE-2022-32911 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

7.8
2022-09-20 CVE-2022-32917 Apple Out-of-bounds Write vulnerability in Apple Ipados and Iphone OS

The issue was addressed with improved bounds checks.

7.8
2022-09-25 CVE-2022-41343 Dompdf Project Files or Directories Accessible to External Parties vulnerability in Dompdf Project Dompdf

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.

7.5
2022-09-24 CVE-2022-41340 Secp256K1 JS Project Improper Verification of Cryptographic Signature vulnerability in Secp256K1-Js Project Secp256K1-Js 1.0.0/1.0.1

The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.

7.5
2022-09-24 CVE-2022-23464 Nepxion Server-Side Request Forgery (SSRF) vulnerability in Nepxion Discovery

Nepxion Discovery is a solution for Spring Cloud.

7.5
2022-09-23 CVE-2022-32790 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

7.5
2022-09-23 CVE-2022-40188 NIC
Fedoraproject
Debian
Resource Exhaustion vulnerability in multiple products

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity.

7.5
2022-09-22 CVE-2022-1941 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Protobuf-Cpp

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures.

7.5
2022-09-21 CVE-2022-2795 ISC
Debian
Fedoraproject
Resource Exhaustion vulnerability in multiple products

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

7.5
2022-09-21 CVE-2022-2906 ISC Memory Leak vulnerability in ISC Bind

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources.

7.5
2022-09-21 CVE-2022-38177 ISC
Debian
Fedoraproject
Improper Verification of Cryptographic Signature vulnerability in multiple products

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak.

7.5
2022-09-21 CVE-2022-38178 ISC
Debian
Fedoraproject
Improper Verification of Cryptographic Signature vulnerability in multiple products

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak.

7.5
2022-09-21 CVE-2022-3080 ISC
Fedoraproject
Injection vulnerability in multiple products

By sending specific queries to the resolver, an attacker can cause named to crash.

7.5
2022-09-20 CVE-2022-39957 Owasp
Fedoraproject
Improper Encoding or Escaping of Output vulnerability in multiple products

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass.

7.5
2022-09-20 CVE-2022-39958 Owasp
Fedoraproject
Improper Encoding or Escaping of Output vulnerability in multiple products

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range.

7.5
2022-09-19 CVE-2022-28203 Mediawiki
Debian
Release of Invalid Pointer or Reference vulnerability in multiple products

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.

7.5
2022-09-19 CVE-2022-40468 Tinyproxy Project Insecure Default Initialization of Resource vulnerability in Tinyproxy Project Tinyproxy

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used.

7.5
2022-09-20 CVE-2022-2154 Intel
AMI
Out-of-bounds Write vulnerability in multiple products

Duplicate to Intel's CVE-2022-34345.

7.2
2022-09-20 CVE-2022-38340 Safe Path Traversal vulnerability in Safe FME Server

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload.

7.2
2022-09-23 CVE-2022-32797 Apple Unspecified vulnerability in Apple mac OS X and Macos

This issue was addressed with improved checks.

7.1
2022-09-23 CVE-2022-32807 Apple Unspecified vulnerability in Apple mac OS X and Macos

This issue was addressed with improved file handling.

7.1
2022-09-23 CVE-2022-32831 Apple Out-of-bounds Read vulnerability in Apple mac OS X and Macos

An out-of-bounds read was addressed with improved bounds checking.

7.1
2022-09-23 CVE-2022-32843 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

An out-of-bounds write issue was addressed with improved bounds checking.

7.1
2022-09-23 CVE-2022-32851 Apple Out-of-bounds Read vulnerability in Apple mac OS X and Macos

An out-of-bounds read issue was addressed with improved input validation.

7.1
2022-09-23 CVE-2022-32853 Apple Out-of-bounds Read vulnerability in Apple mac OS X and Macos

An out-of-bounds read issue was addressed with improved input validation.

7.1
2022-09-23 CVE-2022-2347 Denx Out-of-bounds Write vulnerability in Denx U-Boot

There exists an unchecked length field in UBoot.

7.1
2022-09-19 CVE-2022-38341 Safe Improper Input Validation vulnerability in Safe FME Server 2021.2.3

Safe Software FME Server v2021.2.5 and below does not employ server-side validation.

7.1
2022-09-21 CVE-2022-41222 Linux
Debian
Use After Free vulnerability in multiple products

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.

7.0

28 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-23 CVE-2022-32832 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

6.7
2022-09-23 CVE-2022-30121 Ivanti Unspecified vulnerability in Ivanti Endpoint Manager

The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables.

6.7
2022-09-20 CVE-2022-35957 Grafana
Fedoraproject
Authentication Bypass by Spoofing vulnerability in multiple products

Grafana is an open-source platform for monitoring and observability.

6.6
2022-09-20 CVE-2017-20147 Smokeping Unspecified vulnerability in Smokeping

In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user.

6.5
2022-09-23 CVE-2022-41319 Veritas Cross-site Scripting vulnerability in Veritas Desktop and Laptop Option

A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI).

6.1
2022-09-19 CVE-2022-38339 Safe Cross-site Scripting vulnerability in Safe FME Server

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.

6.1
2022-09-23 CVE-2022-32799 Apple Out-of-bounds Read vulnerability in Apple mac OS X and Macos

An out-of-bounds read issue was addressed with improved bounds checking.

5.9
2022-09-23 CVE-2021-45035 Velneo Improper Authentication vulnerability in Velneo Vclient 28.1.3

Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default.

5.9
2022-09-23 CVE-2022-3278 VIM
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.

5.5
2022-09-23 CVE-2022-32783 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved checks.

5.5
2022-09-23 CVE-2022-32785 Apple NULL Pointer Dereference vulnerability in Apple products

A null pointer dereference was addressed with improved validation.

5.5
2022-09-23 CVE-2022-32786 Apple Unspecified vulnerability in Apple mac OS X and Macos

An issue in the handling of environment variables was addressed with improved validation.

5.5
2022-09-23 CVE-2022-32789 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved checks.

5.5
2022-09-23 CVE-2022-32800 Apple Unspecified vulnerability in Apple mac OS X and Macos

This issue was addressed with improved checks.

5.5
2022-09-23 CVE-2022-32805 Apple Unspecified vulnerability in Apple mac OS X and Macos

The issue was addressed with improved handling of caches.

5.5
2022-09-23 CVE-2022-32823 Apple Improper Initialization vulnerability in Apple products

A memory initialization issue was addressed with improved memory handling.

5.5
2022-09-23 CVE-2022-32849 Apple Unspecified vulnerability in Apple products

An information disclosure issue was addressed by removing the vulnerable code.

5.5
2022-09-21 CVE-2022-41218 Linux Use After Free vulnerability in Linux Kernel

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.

5.5
2022-09-20 CVE-2022-32854 Apple Incorrect Authorization vulnerability in Apple products

This issue was addressed with improved checks.

5.5
2022-09-20 CVE-2022-32864 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

5.5
2022-09-20 CVE-2022-32883 Apple Exposure of Resource to Wrong Sphere vulnerability in Apple products

A logic issue was addressed with improved restrictions.

5.5
2022-09-24 CVE-2022-39242 Parity Incorrect Calculation vulnerability in Parity Frontier 20210903/20211013

Frontier is an Ethereum compatibility layer for Substrate.

5.3
2022-09-21 CVE-2022-41235 Jenkins Unspecified vulnerability in Jenkins Wildfly Deployer 1.0.2

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.

5.3
2022-09-23 CVE-2022-32781 Apple Unspecified vulnerability in Apple products

This issue was addressed by enabling hardened runtime.

4.4
2022-09-23 CVE-2022-32782 Apple Unspecified vulnerability in Apple Macos

This issue was addressed by enabling hardened runtime.

4.4
2022-09-19 CVE-2022-28201 Mediawiki
Debian
Uncontrolled Recursion vulnerability in multiple products

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.

4.4
2022-09-20 CVE-2022-32795 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

This issue was addressed with improved checks.

4.3
2022-09-20 CVE-2022-32868 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

A logic issue was addressed with improved state management.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-23 CVE-2022-35252 Haxx
Netapp
When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses.
3.7
2022-09-23 CVE-2022-39225 Parseplatform Incorrect Resource Transfer Between Spheres vulnerability in Parseplatform Parse-Server

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.

3.1
2022-09-20 CVE-2022-32872 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

A logic issue was addressed with improved restrictions.

2.4