
101 matches found

SUSE CVE
added 2023/02/15 3:22 a.m. · 1 view

SUSE CVE-2022-46149

Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2, are vulnerable to out-of-bounds read due to logic error...

CVSS 5.4 · AI score 7 · EPSS 0.00206
Exploits: 0 · References: 5

CNNVD
added 2023/02/04 12:0 a.m. · 1 view

API Umbrella Web Cross-Site Scripting Vulnerability

API Umbrella Web is an open source library from National Renewable Energy Laboratory. A cross-site scripting vulnerability exists in API Umbrella Web version 0.7.1, which stems from an issue with unknown code in the component Flash Message Handler that can lead to cross-site scripting...

CVSS 6.1 · AI score 4.2 · EPSS 0.00295
Exploits: 0 · References: 5

Positive Technologies
added 2023/02/04 12:0 a.m. · 1 view

PT-2023-10251 · Nrel · Api-Umbrella-Web

Name of the Vulnerable Software and Affected Versions: NREL api-umbrella-web version 0.7.1 Description: A problematic issue was found in the Flash Message Handler component, leading to cross site scripting. The attack can be initiated remotely. Recommendations: For NREL api-umbrella-web version...

CVSS 6.1 · AI score 6.6 · EPSS 0.00295
Exploits: 0 · References: 6

OSV
added 2022/05/24 4:58 p.m. · 15 views

GHSA-WWR4-79JV-297R Missing permission checks in Google Kubernetes Engine Jenkins Plugin

A missing permission check in Jenkins Google Kubernetes Engine Plugin prior to version 0.7.1 allows attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. This issue is patched in version 0.7.1...

CVSS 4.3 · AI score 4.1 · EPSS 0.00031
Exploits: 0 · References: 4

Debian
added 2022/03/20 11:57 p.m. · 29 views

[SECURITY] [DLA 2958-1] usbredir security update

Debian LTS Advisory DLA-2958-1 · [email protected] · https://www.debian.org/lts/security/ · Utkarsh Gupta · March 21, 2022 · https://wiki.debian.org/LTS ...

CVSS 6.4 · AI score 6.7 · EPSS 0.00129
Exploits: 0

Prion
added 2021/02/20 9:15 a.m. · 8 views

Cross site scripting

Livy server version 0.7.0-incubating only is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating...

CVSS 3.5 · AI score 5 · EPSS 0.02403
Exploits: 0 · References: 3 · Affected Software: 1

ATTACKERKB
added 2020/07/09 7:15 p.m. · 2 views

CVE-2020-15093

The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...

CVSS 9.8 · AI score 8.4 · EPSS 0.00195
Exploits: 0 · References: 5 · Affected Software: 1

Cvelist
added 2020/07/09 6:45 p.m. · 16 views

CVE-2020-15093 Improper verification of signature threshold in tough

The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...

CVSS 8.6 · AI score 9.1 · EPSS 0.00174
Exploits: 0 · References: 4

Prion
added 2020/05/27 10:15 p.m. · 7 views

Design/Logic Flaw

In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user vi...

CVSS 6.5 · AI score 9.1 · EPSS 0.01061
Exploits: 0 · References: 4 · Affected Software: 1

CNVD
added 2020/05/18 12:0 a.m. · 1 view

logkitty npm package code injection vulnerability

The logkitty npm package is a package for displaying Android and iOS logs. A code injection vulnerability in logkitty npm package versions prior to 0.7.1, which stems from the program's lack of output cleanup, can be exploited by an attacker to execute arbitrary shell commands...

CVSS 9.8 · AI score 7.8 · EPSS 0.02036
Exploits: 1 · References: 1

OSV
added 2020/05/15 7:15 p.m. · 10 views

CVE-2020-8149

Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...

CVSS 9.8 · AI score 7.6
Exploits: 0 · References: 1

OSV
added 2020/01/31 8:15 p.m. · 10 views

CVE-2019-12998

c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "It can be used for testing, but it should not be used for real funds."...

CVSS 7.5 · AI score 6.8
Exploits: 0 · References: 2

Positive Technologies
added 2019/10/16 12:0 a.m. · 4 views

PT-2019-11839 · Jenkins · Jenkins Google Kubernetes Engine Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Google Kubernetes Engine Plugin versions prior to 0.7.1 Description: A missing permission check in the Jenkins Google Kubernetes Engine Plugin allowed attackers with Overall/Read permission to obtain limited information about the scop...

CVSS 4.3 · AI score 4.2 · EPSS 0.00031
Exploits: 0 · References: 6

CNVD
added 2019/09/17 12:0 a.m. · 2 views

GPAC Memory Leakage Vulnerability

GPAC is a multimedia framework for rich media, distributed under the LGPL license. A memory leak vulnerability exists in dinfRead in isomedia/boxcodebase.c in GPAC 0.7.1. No detailed information about the vulnerability is provided at this time...

CVSS 6.5 · AI score 6.9 · EPSS 0.00284
Exploits: 1 · References: 1

Positive Technologies
added 2019/09/16 12:0 a.m. · 1 view

PT-2019-10441 · Gpac · Gpac

Name of the Vulnerable Software and Affected Versions: GPAC version 0.7.1 Description: The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer over-read and application crash, via a crafted file. This is related to the audio sample entry AddBox function at...

CVSS 7.5 · AI score 6.9 · EPSS 0.00872
Exploits: 10 · References: 35

CNVD
added 2019/05/31 12:0 a.m. · 2 views

GPAC Null Pointer Dereference Vulnerability

GPAC is a multimedia framework for rich media, distributed under the LGPL license. A null pointer dereference vulnerability exists in the gfisomgetoriginalformattype function in isomedia/drmsample.c in libgpac.a in GPAC 0.7.1. No details of the vulnerability are provided at this time...

CVSS 7.5 · AI score 6.9 · EPSS 0.00552
Exploits: 1 · References: 1

CNVD
added 2019/05/31 12:0 a.m. · 1 view

GPAC Null Pointer Dereference Vulnerability (CNVD-2019-40582)

GPAC is a multimedia framework for rich media, distributed under the LGPL license. A null pointer dereference vulnerability exists in the GetESD function in isomedia/track.c in libgpac.a in GPAC 0.7.1. No detailed information about the vulnerability is provided at this time...

CVSS 5.5 · AI score 6.9 · EPSS 0.00272
Exploits: 1 · References: 1

CNVD
added 2019/04/20 12:0 a.m. · 2 views

atftp code issue vulnerability

atftp is a client implementation of the TFTP protocol. A security vulnerability exists in atftp version 0.7.1. An attacker can exploit this vulnerability to cause a denial of service...

CVSS 5.9 · AI score 6.7 · EPSS 0.01282
Exploits: 1 · References: 1

CNVD
added 2019/04/20 12:0 a.m. · 3 views

atftp Buffer Overflow Vulnerability

atftp is a client implementation of the TFTP protocol. A buffer overflow vulnerability exists in atftp version 0.7.1. The vulnerability stems from a network system or product performing operations in memory without properly validating data boundaries, resulting in incorrect read and write...

CVSS 9.8 · AI score 7.4 · EPSS 0.03727
Exploits: 1 · References: 1

CNVD
added 2019/04/15 12:0 a.m. · 1 view

GPAC Buffer Overflow Vulnerability (CNVD-2019-13566)

GPAC is an open source multimedia framework. A buffer error vulnerability exists in GPAC version 0.7.1. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting in incorrect read and write operations being...

CVSS 7.8 · AI score 7.3 · EPSS 0.00185
Exploits: 1 · References: 1