PyAnsys Geometry Security Vulnerability
PyAnsys Geometry is an Ansys open source Python client library for the Ansys Geometrics service and other CAD Ansys products such as Ansys Discovery and Ansys SpaceClaim. A security vulnerability exists in PyAnsys Geometry. An attacker can exploit the vulnerability to perform malicious actions on...
GHSA-X2H8-QMJ4-G62F ROTP 6.2.2 and 6.2.1 have 0666 permissions for the .rb files.
The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...
CVE-2024-28862
The CVE-2024-28862 entry concerns the Ruby One Time Password library (ROTP). Affected versions had overly permissive default file permissions (0666) on Ruby .rb files, enabling potential local access/impact due to insecure permissions. The advisory advises upgrading to version 6.3.0; if patching ...
Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution
Cisco Talos has disclosed more than 30 vulnerabilities in February, including seven in Adobe Acrobat Reader, one of the most popular PDF editing and reading software currently available. Adversaries could exploit these vulnerabilities to trigger the reuse of a previously freed object, thus causin...
libLAS Security Vulnerabilities
libLAS is an open source library for reading and writing geospatial data encoded in the ASPRS laser file format versions 1.0, 1.1 and 1.2. A security vulnerability exists in libLAS version 1.8.1, which originates from a memory leak in /libLAS/apps/ts2las.cpp...
van_der_Schaar LAB synthcity code issue vulnerability
synthcity is a vanderSchaar LAB open source library for generating and evaluating synthetic tabular data. A code issue vulnerability exists in vanderSchaar LAB synthcity version 0.2.9, which stems from an incorrect operation that can lead to deserialization...
Security Bulletin: Vulnerability in ZooKeeper affects IBM Process Mining CVE-2023-44981
Summary: There is a vulnerability in ZooKeeper that could allow an attacker to bypass security restrictions on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-44981...
O-RAN Software Community ric-plt-e2mgr Security Vulnerability
O-RAN Software Community ric-plt-e2mgr is an open source library from the O-RAN Software Community. A security vulnerability exists in O-RAN Software Community ric-plt-e2mgr. An attacker could exploit this vulnerability to cause a denial of service (DoS) by sending a specially crafted request to the...
CVE-2023-47551
Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12...
aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46445 via asyncssh (>=1.10.0 <=2.14.0)
asyncssh (PyPI) versions: =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.21 and more. Source CVEs: CVE-2023-46445. Source advisory: OSV:GHSA-CFC2-WR2V-GXM5...
Fedora: Security Advisory for folly (FEDORA-2023-7934802344)
The remote host is missing an update for the folly package announced in FEDORA-2023-7934802344...
OAuth Identity XWiki App Cross-Site Scripting Vulnerability
OAuth Identity XWiki App is an open source XWiki SAS library of essential elements for building identities and service providers based on OAuth authorization. A cross-site scripting vulnerability exists in OAuth Identity XWiki App, which stems from the identityOAuth parameter sent in a GET reques...
TorchServe Pre-Auth Remote Code Execution
Impact: Use of an open source library potentially exposed to RCE. Issue: Use of a version of the SnakeYAML library (v1.31) with multiple issues that potentially exposes the user to unsafe deserialization of Java objects. This could allow third parties to execute arbitrary code on the target...
Armeria Security Vulnerability
Armeria is an open source library for building asynchronous microservices that use HTTP/2 as the session layer protocol. A security vulnerability exists in versions of Armeria prior to 1.24.3, which allows JettyService paths containing matrix variables to be used to...
CVE-2023-36464 Infinite Loop when a comment isn't followed by a character in pypdf
pypdf is an open source, pure-Python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the `yajl_tree_parse` function. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other vulnerabilities, DoS attacks...
API Umbrella Web Cross-Site Scripting Vulnerability
API Umbrella Web is an open source library from the National Renewable Energy Laboratory. A cross-site scripting vulnerability exists in API Umbrella Web version 0.7.1, which stems from an issue in an unknown portion of the component Admin Data Table Handler that can lead to cross-site scripting...
API Umbrella Web Cross-Site Scripting Vulnerability
API Umbrella Web is an open source library from the National Renewable Energy Laboratory. A cross-site scripting vulnerability exists in API Umbrella Web version 0.7.1, which stems from an issue in unknown code of the component Flash Message Handler that can lead to cross-site scripting...
definely Cross-Site Scripting Vulnerability
definely is an open source library from Ritter Insurance Marketing, designed to allow words and abbreviations to be created and linked to definely. A cross-site scripting vulnerability exists in definely. An attacker could exploit this vulnerability to perform a cross-site scripting attack...
show-me-the-way Cross-Site Scripting Vulnerability
show-me-the-way is an open source library from OSM Lab. It is used to view OSM edits made in real time. A cross-site scripting vulnerability exists in OSM Lab show-me-the-way, which stems from problematic handling in the file js/site.js that can lead to cross-site scripting...