Lucene search

189 matches found

OSV
added 2021/08/05 9:15 p.m. · 1 views

AZL-6362 CVE-2021-22923 affecting package curl for versions less than 7.76.0-5

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...

5.3 CVSS · 6.5 AI score · 0.00068 EPSS
Exploits 1 · References 1
vulnersOsv
added 2021/05/14 8:15 p.m. · 1 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +162 more potentially affected by CVE-2021-29539 via tensorflow-gpu (>=1.10.1 <=2.2.0)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-29539 Source advisory: OSV:PYSEC-2021-665...

5.5 CVSS · 6 AI score · 0.00009 EPSS
Exploits 1
vulnersOsv
added 2021/05/14 8:15 p.m. · 2 views

abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +92 more potentially affected by CVE-2021-29553 via tensorflow (>=2.4.0 <=2.4.1)

tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.0.0, =0.0.0.post0 and more Source cves: CVE-2021-29553 Source advisory: OSV:PYSEC-2021-190...

7.1 CVSS · 7 AI score · 0.00011 EPSS
Exploits 1
vulnersOsv
added 2021/05/14 8:15 p.m. · 1 views

accuinsight (>=1.0.62 <=3.0.0rc2), adapt-diagnostics (>=1.2.0 <=1.6.0) +110 more potentially affected by CVE-2021-29559 via tensorflow (>=2.3.0 <=2.3.2)

tensorflow PYPI version =2.3.0, =1.0.62, =1.2.0, =0.1.0, =0.0.1a0, =0.0.1, =1.0.0rc1, =20210206.0.0, =0.1.0.dev1, =0.2.4, =1.0.1.0, =1.0.3 - cardec-cite =1.1.0 and more Source cves: CVE-2021-29559 Source advisory: OSV:PYSEC-2021-196...

7.1 CVSS · 7 AI score · 0.00011 EPSS
Exploits 1
OSV
added 2021/02/18 8:36 p.m. · 1 views

USN-4741-1 libjackson-json-java vulnerabilities

It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code...

9.8 CVSS · 5.8 AI score · 0.82146 EPSS
Exploits 7 · References 4
vulnersOsv
added 2020/11/08 12:0 p.m. · 1 views

cid (>=0.3.2 <=0.4.0), dag-cbor (=0.1.0) +41 more potentially affected by CVE-2020-35909 via multihash (=0.10.1)

multihash CARGO version =0.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on multihash and may be impacted: - cid =0.3.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.5.1, =0.0.1, =0.0.2 - libipld =0.1.0 - libipld-base =0.1.0 - libipld-core...

7.8 CVSS · 7.1 AI score · 0.00383 EPSS
Exploits 0
vulnersOsv
added 2020/10/27 1:1 p.m. · 2 views

2bsafe-api (>=1.0.1 <=1.0.2), 3architecture (>=1.0.0 <=1.7.0) +2321 more potentially affected by CVE-2020-7765 via @firebase/util (>=0.1.10-canary.a1020bf <=0.3.4-2020103231751)

@firebase/util NPM version =0.1.10-canary.a1020bf, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.1, =1.0.24, =0.65.0, =0.53.0, =0.50.0, =1.0.1, =0.0.2, =0.0.1, =0.1.0 and more Source cves: CVE-2020-7765 Source advisory: SNYK:JS-FIREBASEUTIL-1038324...

5.6 CVSS · 6 AI score · 0.00169 EPSS
Exploits 1
Debian
added 2020/10/10 5:12 p.m. · 71 views

[SECURITY] [DLA 2405-1] httpcomponents-client security update

Debian LTS Advisory DLA-2405-1 · [email protected] · https://www.debian.org/lts/security/ · Markus Koschany · October 10, 2020 · https://wiki.debian.org/LTS ...

5.3 CVSS · 5.9 AI score · 0.00505 EPSS
Exploits 1
Openbugbounty
added 2020/01/31 4:50 a.m. · 9 views

library.cqpress.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1080564 Security Researcher haxmov Helped patch 543 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting library.cqpress.com website a...

0.2 AI score
Exploits 0
vulnersOsv
added 2020/01/06 6:43 p.m. · 3 views

RPD:bmc-rpd (=1.1), ae.teletronics.nlp:entityextraction (>=1.3 <=1.4) +40386 more potentially affected by CVE-2019-17571 via log4j:log4j (>=1.2.11 <=1.2.17)

log4j:log4j MAVEN version =1.2.11, =1.3, =0.0.5, =1.0.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.2.10 and more Source cves: CVE-2019-17571 Source advisory: OSV:GHSA-2QRG-X229-3V8Q...

9.8 CVSS · 7.2 AI score · 0.28502 EPSS
Exploits 3
Positive Technologies
added 2019/09/11 12:0 a.m. · 2 views

PT-2019-5516 · Openwrt · Ustream-Ssl +1

Name of the Vulnerable Software and Affected Versions: OpenWrt versions 15.05.1 and 18.06.4 Description: An information leak vulnerability exists in the ustream-ssl library of OpenWrt. When connecting to a remote server, the server's SSL certificate is checked, but no action is taken when the...

7.1 CVSS · 5.9 AI score · 0.00238 EPSS
Exploits 1 · References 4
OSV
added 2019/08/27 5:42 p.m. · 1 views

GHSA-FHJF-83WG-R2J9 Prototype Pollution in mixin-deep

Versions of mixin-deep prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The mixinDeep function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...

9.8 CVSS · 7.2 AI score · 0.00734 EPSS
Exploits 1 · References 8
Prion
added 2019/05/22 5:29 p.m. · 28 views

Design/Logic Flaw

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

4.3 CVSS · 5.2 AI score · 0.00397 EPSS
Exploits 2 · References 7 · Affected Software 2
vulnersOsv
added 2019/01/17 1:57 p.m. · 0 views

@antarctica/bas-style-kit (>=0.5.0 <=0.5.0-beta), @antistatique/retraitespopulaires-styleguide (>=0.0.1 <=1.8.4) +153 more potentially affected by CVE-2018-20677 via bootstrap-sass (>=2.3.2 <=3.3.7)

bootstrap-sass NPM version =2.3.2, =0.5.0, =0.0.1, =0.0.1, =0.533.0, =8.0.0, =0.1.0, =2.0.2, =0.1.0, =0.0.1, =1.0.0, =1.0.1 - @opuscapita/oc-common-ui =8.3.3 and more Source cves: CVE-2018-20677 Source advisory: OSV:GHSA-PH58-4VRJ-W6HR...

6.1 CVSS · 6.6 AI score · 0.09805 EPSS
Exploits 1
vulnersOsv
added 2018/12/14 6:51 p.m. · 1 views

aacrgenie (>=9.0.0 <=12.5.0), aalam-common (=0.1.78) +549 more potentially affected by CVE-2013-7459 via pycrypto (>=2.4.1 <=2.6.1)

pycrypto PYPI version =2.4.1, =9.0.0, =0.0.8, =1.1.3, =1.0.1, =3.4.0, =0.4.0b0, =3.0.0b1, =0.0.2, =0.0.1, =1.0.0, =0.0.4, =0.3.1 and more Source cves: CVE-2013-7459 Source advisory: OSV:GHSA-CQ27-V7XP-C356...

9.8 CVSS · 7.2 AI score · 0.13624 EPSS
Exploits 1
vulnersOsv
added 2018/10/17 8:7 p.m. · 2 views

ai.ylyue:yue-library-base (>=Finchley.SR2.SR1 <=Finchley.SR4.1), ai.ylyue:yue-library-base-crypto (>=Finchley.SR4 <=Finchley.SR4.1) +3026 more potentially affected by CVE-2018-1271 via org.springframework:spring-core (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-core MAVEN version =5.0.0.RELEASE, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =0.0.1, =0.0.2, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.2.RELEASE, =2.0.2.RELEASE, =2.0.3.RELEASE, =2.0.7.RELEASE and...

5.9 CVSS · 7 AI score · 0.90996 EPSS
Exploits 1
OSV
added 2018/07/28 11:29 p.m. · 1 views

ALPINE-CVE-2018-14679

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash)...

6.5 CVSS · 6.8 AI score · 0.00987 EPSS
Exploits 0 · References 1
Openbugbounty
added 2017/06/15 3:23 p.m. · 9 views

library.rts.edu XSS vulnerability

Open Bug Bounty ID: OBB-248464

Description | Value
---|---
Affected Website: | library.rts.edu
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.3 AI score
Exploits 0
OSV
added 2017/05/23 4:29 a.m. · 1 views

AZL-45366 CVE-2016-9843 affecting package openjpeg2 2.3.1-12

The crc32big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation...

9.8 CVSS · 7 AI score · 0.13502 EPSS
Exploits 0 · References 1
OSV
added 2016/12/29 7:48 p.m. · 8 views

SUSE-SU-2016:3301-1 Security update for tiff

The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues. - CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools bnc914890 - CVE-2016-9297: tifdirread.c read outside buffer in TIFFPrintField bnc1010161 - CVE-2016-3658: Illegal read i...

7.8 CVSS · 6.6 AI score · 0.03829 EPSS
Exploits 4 · References 23