mini-deep-assign Security Vulnerability
mini-deep-assign is a library by Alexander Personal Developer. A security vulnerability exists in mini-deep-assign version v0.0.8. An attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service and other impact via the assign method at /lib/index.js:91...
SUSE CVE-2024-40971
In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SB_INLINECRYPT flag in default_options. In f2fs_remount, the SB_INLINECRYPT flag is cleared and re-set. If a new file is created or a file is opened during this gap, those files will not use inlinecrypt. Worse case, it may lead t...
Malicious code in sap-ans (npm)
Source: ossf-package-analysis 039a7fc0556d340f2ad4abfec6c8573743803edbe7e104947364c0332716d7c5. The OpenSSF Package Analysis project identified 'sap-ans' @ 0.0.0 npm as malicious. It is considered malicious because: - The package communicat...
Malicious code in sap-authchildform (npm)
Source: ossf-package-analysis 7050cc78b5ef30972e144f1f4e3f3af6bd67899aec66977a7395a0a35a529d4b. The OpenSSF Package Analysis project identified 'sap-authchildform' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in sap-allusers (npm)
Source: ossf-package-analysis d5eacfc5bc68ef30f29755795ed8ff32a858d41764d8e98b1e3e4525fe339f04. The OpenSSF Package Analysis project identified 'sap-allusers' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Gogs Security Vulnerability
Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs version 0.13.0, which stems from...
PT-2024-28049 · Hush Line · Hush Line
Name of the Vulnerable Software and Affected Versions: Hush Line versions prior to 0.1.0 Description: Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute,...
GHSA-683X-4444-JXH8 Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
Impact: Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML Extern...
AZL-42928 CVE-2024-6104 affecting package prometheus for versions less than 2.37.0-14
go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
GHSA-WF7F-8FXF-XFXC MLFlow unsafe deserialization
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...
Blackprint Security Vulnerability
Blackprint is a visual programming interface from Blackprint Open Source. A security vulnerability exists in blackprint version v.0.9.0 that allows attackers to execute arbitrary code via the utils.setDeepProperty function of engine.min.js...
PHP Shopping Cart SQL Injection Vulnerability
PHP Shopping Cart is an open source shopping cart system by Phpjabbers. PHP Shopping Cart version 0.9 suffers from a SQL injection vulnerability that allows an attacker to retrieve all information stored in the database by sending a...
wasm3 Security Vulnerability
wasm3 is the fastest WebAssembly interpreter, as well as the most versatile runtime. A security vulnerability exists in version v0.5.0 of wasm3, which originates from a segmentation fault in the function PreserveRegisterIfOccupied in wasm3/source/m3compile.c. The vulnerability is caused by the...
PT-2024-21084 · Viewerjs · Viewerjs
Name of the Vulnerable Software and Affected Versions: ViewerJS version 0.5.8 Description: An issue was discovered in ViewerJS where a script from the component loads content via URL TAGs without properly sanitizing it, leading to both open redirection and out-of-band resource loading...
Degradation of service in h2 servers with CONTINUATION Flood
An attacker can send a flood of CONTINUATION frames, causing h2 to process them indefinitely. This results in an increase in CPU usage. The Tokio task budget helps keep this from becoming a complete denial of service, as the server can still respond to legitimate requests, albeit with increased latency. Mo...
VulnCheck KEV: CVE-2021-32849
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...
PT-2024-18240 · Garo · Garo Wallbox Glb+ T2Ev7
Name of the Vulnerable Software and Affected Versions: GARO WALLBOX GLB+ T2EV7 version 0.5 Description: A problematic issue was found in the Software Update Handler component, affecting an unknown part of the file /index.jspsettings. The manipulation of the Reference argument leads to cross-site...
CVE-2024-1647
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
Malicious code in rb-web-popup (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 04b85d0e4dc2479fa94e653c94a102e902b4154168a9797a2677ef30c1af062e The OpenSSF Package Analysis project identified 'rb-web-popup' @ 0.1.0 npm as malicious. It is considered malicious because: - The package...
Lotos WebServer Security Vulnerability
Lotos WebServer is a small but high-performance HTTP WebServer that follows the Reactor model and uses non-blocking IO and IO multiplexing epoll ET to handle concurrency. A security vulnerability exists in Lotos WebServer version v0.1.1, which was discovered to contain a memory reuse-after-freedo...