5 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via ExternalSecret resource handling for Service Account tokens. A user can impersonate service accounts by crafting ExternalSecret resources that cause the operator to create Secrets populated with long-lived...
PT-2023-24191
Name of the Vulnerable Software and Affected Versions ToUI versions 2.0.1 through 2.4.0 Description The issue affects websites that use the Website.user vars property. ToUI utilizes Flask-Caching SimpleCache to store user variables, which are stored on the server side. Recommendations For version...
PT-2020-6216 · Ilmbase +4 · Openexr +4
Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 2.4.1 Description: The issue is related to integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock functions, allowing an attacker to write to an out-of-bounds pointer...
PT-2020-6219 · Openexr +7 · Openexr +7
Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 2.4.1 Description: The issue is related to an out-of-bounds read and write in the std::vector, as demonstrated by ImfTileOffsets.cpp. This can potentially allow a remote attacker to cause a denial of service. The...
Arbitrary Code Execution
Overview apple/swift-nio-ssl is a TLS Support for SwiftNIO, based on BoringSSL. Affected versions of this package are vulnerable to Arbitrary Code Execution. The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO...