15 matches found

Github Security Blog
added 2026/05/05 9:46 p.m. · 7 views

Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 `:scheme` atom-table exhaustion

Summary: An unauthenticated remote denial-of-service vulnerability in Plug.Cowboy.Conn allows any attacker who can reach an HTTPS Plug.Cowboy listener via HTTP/2 to permanently exhaust the BEAM atom table and crash the entire Erlang VM. Am I Affected? All users running plug_cowboy with HTTP/2 may b...

CVSS 8.7 · AI score 5.9 · EPSS 0.00108
Exploits 0 · References 6 · Affected Software 1
OSV
added 2026/05/05 9:46 p.m. · 0 views

GHSA-Q8X4-X7MP-5VG2 Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 `:scheme` atom-table exhaustion

Summary: An unauthenticated remote denial-of-service vulnerability in Plug.Cowboy.Conn allows any attacker who can reach an HTTPS Plug.Cowboy listener via HTTP/2 to permanently exhaust the BEAM atom table and crash the entire Erlang VM. Am I Affected? All users running plug_cowboy with HTTP/2 may b...

CVSS 8.7 · AI score 5.9 · EPSS 0.00108
Exploits 0 · References 6
CVE
added 2025/11/24 6:32 a.m. · 11 views

CVE-2025-13588

CVE-2025-13588 affects lKinderBueno Streamity Xtream IPTV Player up to version 2.8. The vulnerable element is an unknown function in public/proxy.php, leading to server-side request forgery (SSRF) that can be triggered remotely. Public exploitation exists, with CVSS-derived notes indicating n...

CVSS 6.5 · AI score 6.5 · EPSS 0.00052
Exploits 0 · References 6
Snyk
added 2025/09/17 8:43 p.m. · 4 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: com.hubspot.jinjava:jinjava is a Java-based template engine based on Django template syntax, adapted to render Jinja templates (at least the subset of Jinja in use in HubSpot content). Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a...

CVSS 10 · AI score 7.5 · EPSS 0.01267
Exploits 0 · References 2
Snyk
added 2025/07/28 4:41 p.m. · 1 view

Server-side Request Forgery (SSRF)

Overview: webfinger.js is a client library to query WebFinger records. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the WebFinger class. An attacker can cause the server to send arbitrary GET requests to internal or external hosts, including localhost...

CVSS 6.9 · AI score 7.1 · EPSS 0.00305
Exploits 0 · References 2
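Both SSRF entries in this list (the Streamity public/proxy.php issue and webfinger.js) come down to a server fetching a URL whose host the caller controls. The following is an added Python example, not code from either project, showing the egress check a server-side fetcher should apply before such a request: allow only the https scheme (WebFinger is HTTPS-only per RFC 7033), reject embedded credentials, resolve the host, refuse any resolved address that is loopback, link-local, private or otherwise not globally routable (including IPv4-mapped IPv6 and the decimal form of 127.0.0.1), and hand back the vetted addresses so the connection can be pinned to them. The FAKE_DNS table, the hostnames and the addresses are constructed for the example; a real implementation would feed socket.getaddrinfo() results through the same filter.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline.  A real check
# would call socket.getaddrinfo() and pass every returned address through
# the same filter below.
FAKE_DNS = {
    "example.org": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "metadata.internal": ["169.254.169.254"],           # cloud metadata style target
    "rebind.example": ["93.184.216.34", "10.0.0.5"],    # one public, one internal record
    "2130706433": ["127.0.0.1"],                        # decimal spelling of 127.0.0.1
}


def fake_resolve(hostname):
    """Hypothetical resolver: returns the A/AAAA records for a name, or []."""
    return FAKE_DNS.get(hostname.lower(), [])


def is_public_address(ip):
    """True only for globally routable unicast addresses.

    IPv4-mapped IPv6 (::ffff:a.b.c.d) is unwrapped first, otherwise
    ::ffff:127.0.0.1 would slip past an IPv4-only blocklist.
    """
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return is_public_address(ip.ipv4_mapped)
    return ip.is_global and not ip.is_multicast


def resolve_webfinger_target(url, resolve=fake_resolve):
    """Validate a WebFinger target and return the addresses it may connect to.

    Raises ValueError when the request must not be sent.  Every resolved
    address has to pass; a name with one public and one internal record is
    rejected, since the client cannot control which record gets used.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("WebFinger is HTTPS-only (RFC 7033)")
    host = parts.hostname
    if not host or parts.username or parts.password:
        raise ValueError("missing host or credentials embedded in URL")
    try:
        candidates = [str(ipaddress.ip_address(host))]   # literal IP: no lookup needed
    except ValueError:
        candidates = resolve(host)
    if not candidates:
        raise ValueError(f"{host} does not resolve")
    for addr in candidates:
        if not is_public_address(ipaddress.ip_address(addr)):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return candidates


def is_safe_webfinger_target(url, resolve=fake_resolve):
    """Boolean wrapper around resolve_webfinger_target."""
    try:
        resolve_webfinger_target(url, resolve)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for u in ("https://example.org/.well-known/webfinger?resource=acct:alice@example.org",
              "https://localhost/.well-known/webfinger",
              "https://[::ffff:7f00:1]/.well-known/webfinger",
              "https://rebind.example/.well-known/webfinger",
              "http://example.org/.well-known/webfinger"):
        print(f"{is_safe_webfinger_target(u)!s:5}  {u}")
```

The returned address list is the important part: connect to one of those addresses (with SNI and the Host header still set to the original name) instead of resolving the name a second time inside the HTTP library, otherwise a DNS rebinding attacker can return a public record for the check and an internal one for the connection. Redirects need the same check applied to each hop before it is followed.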
PyPA
added 2024/01/24 1:15 p.m. · 3 views

PYSEC-2024-13

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...

CVSS 7.5 · AI score 6.8 · EPSS 0.00215
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/01/24 12:00 a.m. · 2 views

PT-2024-1305 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.8.1. Description: The issue is related to a lack of authorization in Apache Airflow, allowing an authenticated user to access the source code of a DAG they do not have access to. This issue is considered low...

CVSS 7.1 · AI score 7 · EPSS 0.00146
Exploits 0 · References 17
VulnCheck KEV
added 2023/04/11 12:00 a.m. · 1 view

VulnCheck KEV: CVE-2021-38153

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

CVSS 5.9 · AI score 6.8 · EPSS 0.0152
Exploits 0 · References 1
SUSE CVE
added 2023/02/15 3:23 a.m. · 1 view

SUSE CVE-2022-39282

FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using /parallel command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please...

CVSS 4.3 · AI score 7.2 · EPSS 0.00295
Exploits 0 · References 6
OSV
added 2022/10/12 11:15 p.m. · 0 views

DEBIAN-CVE-2022-39282

FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using /parallel command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please...

CVSS 7.5 · AI score 6.2 · EPSS 0.00295
Exploits 0 · References 1
OSV
added 2022/10/12 11:15 p.m. · 1 view

DEBIAN-CVE-2022-39283

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the /video command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in...

CVSS 7.5 · AI score 6.5 · EPSS 0.00347
Exploits 0 · References 1
Positive Technologies
added 2022/10/12 12:00 a.m. · 3 views

PT-2022-5111 · Freerdp +9 · Freerdp +9

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.8.1. Description: The issue is related to the use of uninitialized data when processing the /parallel command line switch in FreeRDP based clients on Unix systems. This could allow a remote attacker to read, modify,...

CVSS 9.8 · AI score 6.4 · EPSS 0.10619
Exploits 16 · References 192
OSV
added 2022/10/06 6:16 p.m. · 0 views

UBUNTU-CVE-2022-39237

sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1, the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version >=...

CVSS 9.8 · AI score 6.4 · EPSS 0.00252
Exploits 0 · References 6
Positive Technologies
added 2022/09/16 12:00 a.m. · 3 views

PT-2022-23102 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0; TensorFlow versions 2.9.1 and earlier; TensorFlow versions 2.8.1 and earlier; TensorFlow versions 2.7.2 and earlier. Description: The issue occurs when RandomPoissonV2 receives large input shape and rates,...

CVSS 7.5 · AI score 7.2 · EPSS 0.00135
Exploits 0 · References 8
Positive Technologies
added 2022/05/20 12:00 a.m. · 3 views

PT-2022-19459 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0; TensorFlow versions prior to 2.8.1; TensorFlow versions prior to 2.7.2; TensorFlow versions prior to 2.6.4. Description: Multiple TensorFlow operations misbehave in eager mode when the resource handle provided ...

CVSS 5.5 · AI score 5.3 · EPSS 0.00056
Exploits 1 · References 13