16 matches found

Snyk
added 2026/05/08 11:02 p.m., 3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to the absence of authentication and authorization checks in the UPI management interface. An attacker can gain unauthorized access to read, modify, or delete UP-node and link topology data by sending...

CVSS 10, AI score 5.8, EPSS 0.00058
Exploits 1, References 3
Snyk
added 2026/04/16 10:48 p.m., 8 views

Insufficient Granularity of Access Control

Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control due to inadequate authorization checks in the POST /api/agents/:id/keys, GET /api/agents/:id/keys, and DELETE /api/agents/:id/keys/:keyId routes. An attacker can gain unauthorized access to sensitive...

CVSS 8.5, AI score 5.8
Exploits 0, References 4
Snyk
added 2026/04/16 10:47 p.m., 6 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in several API endpoints that lack proper authentication checks. An attacker can access sensitive data, perform state-changing operations, and obtain internal configuration details by sending...

CVSS 8.7, AI score 5.8
Exploits 0, References 2
Snyk
added 2026/03/17 7:46 p.m., 1 view

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through the GenerateDeterministicNameFromSpec function in pkg/resolution/resource/name.go. An attacker can crash the controller and block all TaskRun/PipelineRun reconciliation by...

CVSS 8.3, AI score 5.9, EPSS 0.00021
Exploits 0, References 2
Snyk
added 2026/02/23 12:00 a.m., 2 views

Buffer Access with Incorrect Length Value

Overview Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value via the readSeparateStripsIntoBuffer function in the tiffcrop component. A process can crash on a malformed TIFF directory that triggers a stack overflow. Remediation Upgrade libtiff to version 4.7.1 ...

CVSS 9.8, AI score 6, EPSS 0.00035
Exploits 1, References 2
Snyk
added 2025/12/16 12:43 a.m., 1 view

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse previously solved challenges by submitting a valid proof-of-work with a modified expiration value,...

CVSS 6.9, AI score 6.8, EPSS 0.00069
Exploits 0, References 2
OSSF Malicious Packages
added 2025/11/12 4:29 a.m., 3 views

Malicious code in phenomic-upgrade-library-loop (npm)

Per source details. Do not edit below this line. Source: amazon-inspector 7c6da63fbfa2e892e0a97bd188c12afa9f4a7f7644759a1b77e0465f69de6903 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0
EUVD
added 2025/11/12 4:29 a.m., 0 views

EUVD-2025-124399

Malicious code in node-config-upgrade-library-carpo npm...

AI score 6.6
Exploits 0
Snyk
added 2025/06/24 12:00 a.m., 3 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the privatekeyfromfile function. An attacker can potentially access sensitive information or modify data, under certain circumstances such as the specified filename not existing. Note: The vulnerable function has been...

CVSS 3.6, AI score 6.8, EPSS 0.002
Exploits 0, References 2
Snyk
added 2025/06/16 5:16 p.m., 0 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when validating SSH host certificate signatures. Due to a related issue in the processing of IsUserAuthority and IsHostAuthority by x/crypto/ssh, an attacker can gain unauthorized access by providing a signed SSH...

CVSS 9.8, AI score 7, EPSS 0.15302
Exploits 0, References 2
RedhatCVE
added 2025/05/23 3:54 a.m., 4 views

CVE-2023-33959

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Use...

CVSS 8.8, AI score 8.5, EPSS 0.00202
Exploits 0, References 1
Snyk
added 2025/03/10 6:29 p.m., 2 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity (XXE) Injection over the bucket tagging endpoint. External entities referenced in an AccessControlPolicy XML document are resolved and retrieved. This allows attackers to perform server-side request forgery (SSRF) attack...

CVSS 7.2, AI score 7.4
Exploits 0, References 2
NVD
added 2024/11/20 11:15 a.m., 11 views

CVE-2024-10382

There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to...

CVSS 7.5, EPSS 0.00051
Exploits 0, References 1
Snyk
added 2024/09/10 7:42 p.m., 5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the incorrect XPath selector due to improper verification of the SAML Response signature. An attacker with access to any signed SAML document can forge a SAML Response/Assertion...

CVSS 10, AI score 6.9, EPSS 0.44644
Exploits 2, References 2
OSV
added 2020/03/30 1:15 p.m., 2 views

CVE-2020-10560

An issue was discovered in Open Source Social Network OSSN through 5.3. A user-controlled file path with a weak cryptographic rand can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the...

CVSS 5.9, AI score 5.8, EPSS 0.06058
Exploits 1, References 2
securityvulns
added 2002/01/04 12:00 a.m., 25 views

[CLA-2002:448] Conectiva Linux Security Announcement - libgtop

CONECTIVA LINUX SECURITY ANNOUNCEMENT. PACKAGE: libgtop. SUMMARY: libgtop vulnerabilities. DATE:...

AI score 0.2
Exploits 0