187 matches found
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the handleNewCR function. An attacker can execute arbitrary commands by submitting a specially crafted custom resource with malicious input fields that can escape the constructed lmeval command. Note: Successful...
Deserialization of Untrusted Data
Overview inspiremusic (InspireMusic) is a fundamental music, song and audio generation framework and toolkit. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the load function in the file cli/model.py. An attacker can manipulate internal data...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the improper verification of SignatureValue within SignerInfo. An attacker can manipulate the integrity of signed data by crafting a malicious signature that bypasses validation...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow in hotspot/compiler due to improper handling of buffers in addnode.cpp. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Commit - GitHub Commit - GitHub Commi...
Server-side Request Forgery (SSRF)
Overview agpt is an open-source attempt to make GPT-4 autonomous. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the requests wrapper. An attacker can manipulate the request process to access unauthorized data or interact with internal services by...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the soup_multipart_new_from_message function. An attacker can induce the server to read out of bounds by sending a specially crafted HTTP request. Remediation A fix was pushed into the master branch but not yet...
Expected Behavior Violation
Overview Affected versions of this package are vulnerable to Expected Behavior Violation due to the behavior of the DisableForwarding directive in sshd(8), which fails to disable X11 forwarding and agent forwarding by default. An attacker can bypass intended security restrictions. Remediation A fix...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the LoadArchiveFiles function in archive.go. An attacker can disrupt service by supplying an archive whose decompressed size is very large. Remediation A fix was pushed into the...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') in v8. Remediation A fix was pushed into the...
Heap-based Buffer Overflow
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in v8, when processing a very large number of parameters. Remediation A fix was...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the component gray_find_cell. An attacker can cause a crash of the application by sending specially crafted inputs that trigger a segmentation violation. Remediation A fix was pushed into the master branch but...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write due to the component blend_transformed_tiled_argb.isra.0. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Issue - PoC Credit: keepinggg...
Out-of-bounds Write
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Out-of-bounds Write via a crafted HTML page. An attacker can potentially exploit heap corruption by sending...
Detection of Error Condition Without Action
Overview Affected versions of this package are vulnerable to Detection of Error Condition Without Action when files are being copied from a client to a server. This allows a server to leak the contents of an arbitrary file from the client's machine. Remediation A fix was pushed into the master...
Missing Authentication for Critical Function
Overview django-mdeditor is a simple Django app to edit markdown text. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free through the ForEachModule process. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Gist - GitHub Issue - GitHub PR Credit: Ziyi Guo...
Privilege Context Switching Error
Overview aimeos/ai-admin-graphql is an Aimeos Admin GraphQL API extension. Affected versions of this package are vulnerable to Privilege Context Switching Error through the SaaS and marketplace setups. An attacker can disrupt service availability by overwhelming the system with requests. Note: The...
Improper Handling of Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions due to an invalid parse of the title in the vector-intro-page message. Remediation A fix was pushed into the master branch but not yet published. References - Gerrit Wikimedia - GitHub Commit ...
Uncontrolled Resource Consumption ('Resource Exhaustion')
Overview Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the newToken function. An attacker can cause a denial of service by exploiting the memory leak issue. Remediation A fix was pushed into the master branch but not yet published...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation which allows a remote attacker to cause a Denial of Service (DoS) via a crafted PDF file in OutlineItem::open. Remediation Upgrade poppler to version 25.11.0 or higher. References - Fix Commit - Issue - RedHat...