24 matches found
CVE-2026-45022
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...
EUVD-2020-6595
Malware in sbrugna...
EUVD-2024-0126
Malicious code in bioql PyPI...
CVE-2020-14458
An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004...
CVE-2024-46977
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllersh...
PYSEC-2024-121
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...
PYSEC-2024-100
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...
CVE-2024-47529 OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`)
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...
CVE-2024-46977 OpenC3 COSMOS allows a path traversal via screen controller (`GHSL-2024-127`)
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllersh...
CVE-2024-43795 OpenC3 COSMOS vulnerable to cross-site scripting in Login functionality (`GHSL-2024-128`)
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...
CVE-2024-43795
CVE-2024-43795 affects OpenC3 COSMOS Open Source Edition, with a reflected XSS vulnerability in the login functionality. Root cause: improper input handling in the login path allows script injection. Impact is limited to the Open Source Edition per the advisories; Enterprise Edition is not affect...
OpenC3 COSMOS Path Traversal Vulnerability
OpenC3 COSMOS is an OpenC3 open source application. A path traversal vulnerability exists in OpenC3 COSMOS versions prior to 5.19.0. An attacker can exploit this vulnerability to download any .txt file by running ScreensControllershow on the web server...
OpenC3 COSMOS Cross-Site Scripting Vulnerability
OpenC3 COSMOS is an OpenC3 open source application. A cross-site scripting vulnerability exists in OpenC3 COSMOS versions prior to 5.19.0. An attacker can exploit this vulnerability to perform cross-site scripting attacks...
PT-2024-40120 · Sentry · Sentry-React-Native
Name of the Vulnerable Software and Affected Versions: sentry-react-native versions 5.16.0 through 5.19.0. Description: The issue allows Sentry auth tokens to be set in the optional authToken configuration parameter for debugging purposes, which could result in the auth token being built into the...
Exploit for Incorrect Authorization in Canonical Ubuntu_Linux
GameOverlay Ubuntu Privilege Escalation CVE-2023-2640...
Ubuntu: Security Advisory (USN-6192-1)
The remote host is missing an update for the...
[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.19.0 to 5.21.0: Patch SC-202209.1
Arnie Cabral, Wed, 09/07/2022 - 10:46. Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (moment.js) was found to contain...
PT-2024-8464 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0-rc7. Description: The issue is related to an infinite loop in the dax iomap rw function when the read system call is invoked with a count of 0. This can cause a WARNING report and an infinite loop. The iom...
Tenable SecurityCenter < 5.19.0 Multiple Vulnerabilities (TNS-2021-14)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is less than 5.19.0 and is therefore affected by multiple vulnerabilities in the following components: Apache FOP, Underscore, Handlebars, PHP, sqlite. Note that successful exploitatio...