14 matches found
EUVD-2025-198271
@perfood/couch-auth may expose session tokens, passwords...
CouchAuth security vulnerability
CouchAuth is a Perfood open source authentication API. A security vulnerability exists in CouchAuth version 0.21.2, which stems from session tokens and passwords being stored in JavaScript objects and not explicitly cleared, which could lead to sensitive data disclosure and session hijacking...
EUVD-2016-2682
Malware in sbrugna...
OPENSUSE-SU-2025:15550-1 cargo-audit-0.21.2~git0.18e58c2-2.1 on GA media
These are all security issues fixed in the cargo-audit-0.21.2~git0.18e58c2-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-29032
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code...
CouchAuth has a Server-Side Template Injection vulnerability in its email functionality
A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger an SSTI which can be leveraged to run limited commands or leak server-side information...
CVE-2024-29032
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code...
CVE-2024-29032 `qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code...
PT-2024-21132 · Nanomq · Nanomq
Name of the Vulnerable Software and Affected Versions: nanomq version 0.21.2 Description: The issue is a Use-After-Free vulnerability located in /nanomq/nng/src/core/socket.c. Recommendations: For nanomq version 0.21.2, at the moment, there is no information about a newer version that contains a...
NanoMQ Security Vulnerabilities
NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open-sourced by EMQ Technologies. A security vulnerability exists in NanoMQ version 0.21.2, which stems from a use-after-free vulnerability in the /nanomq/nng/src/core/socket.c file...
[ASA-202112-12] grafana-agent: information disclosure
Arch Linux Security Advisory ASA-202112-12 ========================================== Severity: High Date : 2021-12-11 CVE-ID : CVE-2021-41090 Package : grafana-agent Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2614 Summary ======= The package grafana-agen...
Cross site scripting
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter...
PT-2021-10372 · Unknown · Racktables
Name of the Vulnerable Software and Affected Versions: Racktables version 0.21.2 Description: The issue allows an attacker to inject arbitrary web script or HTML via the op parameter in the redirect module. This enables the attacker to perform Cross Site Scripting (XSS) attacks. Recommendations: Fo...
CVE-2016-1587
The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store,...