Lucene search
K

196 matches found

PyPA
PyPA
added 2023/11/09 3:15 p.m.7 views

PYSEC-2023-274

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

9.8CVSS7AI score0.01241EPSS
Exploits3References5Affected Software1
Prion
Prion
added 2023/11/09 3:15 p.m.20 views

Format string

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

6.5CVSS7.5AI score0.01241EPSS
Exploits3References4Affected Software1
OSV
OSV
added 2023/11/09 3:15 p.m.10 views

PYSEC-2023-274

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

8.8CVSS9.8AI score0.01241EPSS
Exploits3References4
CVE
CVE
added 2023/11/09 2:42 p.m.63 views

CVE-2023-43791

Label Studio (before 1.8.2) is affected by an ORM Leak chain that can impersonate any account, enabling privilege escalation to a Django Super Administrator. A patch was introduced in 1.8.2. Public references describe a hard-coded SECRET_KEY vulnerability and a follow-on exploit path that leverag...

9.8CVSS9.6AI score0.01241EPSS
Exploits3References4Affected Software1
OSV
OSV
added 2023/11/09 2:42 p.m.31 views

CVE-2023-43791 Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

9.8CVSS6.9AI score0.01241EPSS
Exploits3References6
OSV
OSV
added 2023/10/12 5:15 p.m.9 views

AZL-34889 CVE-2023-45142 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7AI score0.01364EPSS
Exploits0References1
OSV
OSV
added 2023/10/12 5:15 p.m.4 views

AZL-39972 CVE-2023-45142 affecting package moby-engine for versions less than 24.0.9-10

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7.1AI score0.01364EPSS
Exploits0References1
Schneier on Security
Schneier on Security
added 2023/08/25 11:3 a.m.21 views

Hacking Food Labeling Laws

This article talks about new Mexican laws about food labeling, and the lengths to which food manufacturers are going to ensure that they are not effective. There are the typical high-pressure lobbying tactics and lawsuits. But theres also examples of companies hacking the laws: Companies like...

6.8AI score
Exploits0
Fedora
Fedora
added 2023/08/20 12:45 a.m.27 views

[SECURITY] Fedora 37 Update: libreswan-4.12-1.fc37

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

6.5CVSS6.8AI score0.00691EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/08/20 12:0 a.m.22 views

Fedora: Security Advisory for libreswan (FEDORA-2023-dbc6d8a124)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.8AI score0.00691EPSS
Exploits0References2
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/08/07 4:0 p.m.14 views

Adopting guidance from the US National Cybersecurity Strategy to secure the Internet of Things

The recently published United States National Cybersecurity Strategy warns that many popular Internet of Things IoT devices are not sufficiently secure to protect against many of today’s common cybersecurity threats.1 The strategy also cautions that many of these IoT devices are difficult—or, in...

7.2AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2023/08/07 4:0 p.m.13 views

Adopting guidance from the US National Cybersecurity Strategy to secure the Internet of Things

The recently published United States National Cybersecurity Strategy warns that many popular Internet of Things IoT devices are not sufficiently secure to protect against many of today’s common cybersecurity threats.1 The strategy also cautions that many of these IoT devices are difficult—or, in...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2023/05/14 12:0 a.m.26 views

Fedora: Security Advisory for libreswan (FEDORA-2023-60faf77aca)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.01175EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/05/14 12:0 a.m.26 views

Fedora: Security Advisory for libreswan (FEDORA-2023-30f824b8b8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.9AI score0.01606EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/05/14 12:0 a.m.13 views

Fedora: Security Advisory for libreswan (FEDORA-2023-19046bf703)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.01175EPSS
Exploits0References2
Fedora
Fedora
added 2023/05/13 2:28 a.m.30 views

[SECURITY] Fedora 37 Update: libreswan-4.11-1.fc37

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

7.5CVSS7.7AI score0.01175EPSS
Exploits0
Fedora
Fedora
added 2023/05/13 2:27 a.m.25 views

[SECURITY] Fedora 38 Update: libreswan-4.11-1.fc38

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

7.5CVSS7.7AI score0.01175EPSS
Exploits0
Fedora
Fedora
added 2023/05/13 1:21 a.m.31 views

[SECURITY] Fedora 36 Update: libreswan-4.11-1.fc36

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

7.5CVSS7.3AI score0.01606EPSS
Exploits1
OpenVAS
OpenVAS
added 2023/04/23 12:0 a.m.16 views

Fedora: Security Advisory for libreswan (FEDORA-2023-42ec148952)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.01606EPSS
Exploits1References2
Fedora
Fedora
added 2023/04/22 10:23 p.m.30 views

[SECURITY] Fedora 38 Update: libreswan-4.10-1.fc38

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

6.5CVSS6.8AI score0.01606EPSS
Exploits1
Rows per page
Query Builder