50 matches found
com.baomidou:kisso (>=2.0 <=3.6.10), com.baomidou:spring-wind (>=1.0 <=1.1.4) +91 more potentially affected by CVE-2023-33201 via org.bouncycastle:bcprov-jdk14 (>=1.49 <=1.73)
org.bouncycastle:bcprov-jdk14 MAVEN version =1.49, =2.0, =1.0, =9.1.20, =0.1.1, =1.5.4, =2.2, =2.0.1, =7.0, =1.5, =12.3, =22.2.3 and more Source cves: CVE-2023-33201 Source advisory: OSV:GHSA-HR8G-6V94-X4M9...
@aothechbcn/frontend-idealbar--lib-idealbar (>=1.0.0 <=1.0.10), @brigad/redux-rest-easy (>=3.0.0 <=3.0.3) +54 more potentially affected by CVE-2022-24999 via qs (=6.6.0)
qs NPM version =6.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on qs and may be impacted: - @aothechbcn/frontend-idealbar--lib-idealbar =1.0.0, =3.0.0, =0.92.0, =1.0.1, =1.0.0, =5.1.0, =13.1.1-5e9b77d, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 -...
@app-box/web (=1.0.0), @comet/cms-site (>=3.0.0-canary.160.0 <=4.0.0-canary.1049.0) +33 more potentially affected by CVE-2022-31186 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.29.10)
next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.2.0, =0.3.0, =0.3.0, =0.4.0, =0.1.0, =0.1.3 and more Source cves: CVE-2022-31186 Source advisory: OSV:GHSA-P6MM-27GQ-9V3P...
Security Bulletin: There are multiple security vulnerabilities in Apache Storm used by IBM Tivoli Netcool Manager.
Summary Apache-storm, used by IBM Tivoli Network Manager, contains many internal libraries which are vulnerable to various types of CVEs. Revealing sensitive information CVE-2021-28169, bypassing ACL validations CVE-2018-17196, heap based buffer overflow CVE-2015-5237, denial of service...
com.sksamuel.scruffy:scruffy-integrationtest_2.11 (=1.12.0), com.sksamuel.scruffy:scruffy-undertow_2.11 (>=1.9.0 <=1.12.0) +39 more potentially affected by CVE-2014-7816 via io.undertow:undertow-core (>=1.2.0.Beta1 <=1.2.0.Beta2)
io.undertow:undertow-core MAVEN version =1.2.0.Beta1, =1.9.0, =1.0.0.Alpha1, =1.2.0.Beta1, =1.2.0.Beta1, =1.2.0.Beta1, =0.5.1, =0.5.1, =1.0.0.Beta1, =1.0.0.Alpha9, =1.0.0.Beta1, =1.0.0.Beta1, =1.0.0.Beta1, =1.0.0.Beta1, =1.0.0.Beta1, =1.0.0.Beta4 and more Source cves: CVE-2014-7816 Source advisor...
com.actiontestscript:ats-automated-testing (>=1.1.1 <=1.7.8), com.actiontestscript:automated-testing (=1.1.1) +1 more potentially affected by CVE-2017-3202 via com.exadel.flamingo.flex:amf-serializer (=1.5.0)
com.exadel.flamingo.flex:amf-serializer MAVEN version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.exadel.flamingo.flex:amf-serializer and may be impacted: - com.actiontestscript:ats-automated-testing =1.1.1, =1.7.8 -...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +4314 more potentially affected by CVE-2009-1190 via org.springframework:spring-core (>=1.2 <=2.5.6.SEC03)
org.springframework:spring-core MAVEN version =1.2, =1.1, =1.3, =0.0.1, =1.0, =0.3, =1.0, =0.0.1, =1.2.1, =1.2.1, =1.0, =1.0.4 - cf.pgmann.plugins:url-auth-sso =1.0 and more Source cves: CVE-2009-1190 Source advisory: OSV:GHSA-WJJR-H4WH-W6VV...
@3kles/3kles-socketio (>=1.0.0 <=1.0.5), @livejack/broker (=1.3.4) +22 more potentially affected by CVE-2022-21676 via engine.io (=6.0.1)
engine.io NPM version =6.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on engine.io and may be impacted: - @3kles/3kles-socketio =1.0.0, =0.1.0, =8.1.2, =1.4.0, =0.4.11, =0.4.0, =0.4.0, =0.4.10, =0.4.11, =0.4.5, =5.0.0, =1.0.0-alpha.1, =1.0.0-alpha....
Client-Side JavaScript Prototype Pollution in oro/platform
Summary By sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. Workarounds Configure WAF to dro...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.1 <=4.6.0.0), ai.apiverse:apipulse (>='1.0.3' <=1.0.20) +6031 more potentially affected by CVE-2021-44832 via org.apache.logging.log4j:log4j-core (>=2.13.0 <=2.17.0)
org.apache.logging.log4j:log4j-core MAVEN version =2.13.0, =4.4.0.1, ='1.0.3', =0.0.2, =0.0.14, =2.1.0, =3.32.1.7, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.5.2 and more Source cves: CVE-2021-44832 Source advisory: OSV:GHSA-8489-44MV-GGJ8...
a62-emotion (>=0.10.12 <=0.11.4), agent-atm (>=0.1.0 <=0.1.1) +100 more potentially affected by CVE-2021-37673 via tensorflow-cpu (>=1.15.0 <=2.3.1)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =0.1.0, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.1.0.dev202107081840 and more Source cves: CVE-2021-37673 Source advisory: OSV:GHSA-278G-RQ84-9HMG...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ar.com.fdvs:DynamicJasper (=4.0.4) +5791 more potentially affected by CVE-2021-23926 via org.apache.xmlbeans:xmlbeans (>=2.2.0 <=2.6.0)
org.apache.xmlbeans:xmlbeans MAVEN version =2.2.0, =1.3, =1.10.2, =1.13.0, =1.0.1, =0.0.1, =1.1.8, =2.23.5, =2.23.5, =25.11.0 and more Source cves: CVE-2021-23926 Source advisory: OSV:GHSA-MW3R-PFMG-XP92...
com.github.mswolfe:spring-query-filter (>=4.2.0 <=4.3.2), io.github.cyjishuang:swagger-mode (=1.0) potentially affected by CVE-2020-5421 via org.springframework:spring-framework-bom (>=4.2.3.RELEASE <=4.3.14.RELEASE)
org.springframework:spring-framework-bom MAVEN version =4.2.3.RELEASE, =4.2.0, =4.3.2 - io.github.cyjishuang:swagger-mode =1.0 Source cves: CVE-2020-5421 Source advisory: OSV:GHSA-RV39-3QH7-9V7W...
com.credibledoc:log-labelizer (>=1.0.40 <=1.0.44), com.novocode:ornate_2.11 (>=0.3 <=0.5) +105 more potentially affected by CVE-2020-11023 +1 more via org.webjars.npm:jquery (>=1.11.3 <=3.4.1)
org.webjars.npm:jquery MAVEN version =1.11.3, =1.0.40, =0.3, =1.3.0, =1.3.0, =1.3.0, =3.2.0, =2.4.0, =3.0.0, =3.1.0, =4.1.3 - de.digitalcollections:streaming-server-euphoria =3.0.0 and more Source cves: CVE-2020-11023, CVE-2020-23064 Source advisory: OSV:GHSA-JPCQ-CGW6-V4J6...
au.com.skytix:mesos-scheduler-client (>=1.0.0 <=1.0.3), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +513 more potentially affected by CVE-2019-0201 via org.apache.zookeeper:zookeeper (>=3.5.1-alpha <=3.5.4-beta)
org.apache.zookeeper:zookeeper MAVEN version =3.5.1-alpha, =1.0.0, =2.1.7, =2.1.7, =2.1.7, =2.1.7, =2.1.7, =2.1.7, =2.1.7, =2.1.7, =3.6.5, =3.2.0, =2.2.0, =2.2.1 and more Source cves: CVE-2019-0201 Source advisory: OSV:GHSA-2HW2-62CP-P9P7...
Freddy - Automatically Identify Deserialisation Issues In Java And .NET Applications By Using Active And Passive Scans
A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs. This useful extension was originally developed by Nick Bloor @nickstadb for NCC Group and is mainly based on the work of Alvaro Muñoz and Oleksandr Mirosh, Friday the 13th: JSON Attacks, which they presented a...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.databand:dbnd-agent (>=0.42.1 <=0.80.6) +5726 more potentially affected by CVE-2018-14721 via com.fasterxml.jackson.core:jackson-databind (>=2.7.0 <=2.7.9.4)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.7.0, =0.3.0, =0.42.1, =0.42.1, =0.40.2, =0.42.1, =0.2, =0.8.0, =3.3.3, =0.0.1, =0.0.2, =0.0.3 - at.ac.ait.lablink.clients:sync =0.0.1 - at.ac.ait.lablink:core =0.0.1 and more Source cves: CVE-2018-14721 Source advisory:...
Searching statically-linked vulnerable library functions in executable code
Helping researchers find 0ld days Posted by Thomas Dullien, Project Zero Executive summary Software supply chains are increasingly complicated, and it can be hard to detect statically-linked copies of vulnerable third-party libraries in executables. This blog post discusses the technical details ...
ai.ylyue:yue-library-data-redis (>=Finchley.SR2.SR1 <=Finchley.SR4.1), am.ik.blog:blog-mapper (=4.6.0) +677 more potentially affected by CVE-2018-1259 via org.springframework.data:spring-data-commons (>=2.0.0.RELEASE <=2.0.6.RELEASE)
org.springframework.data:spring-data-commons MAVEN version =2.0.0.RELEASE, =Finchley.SR2.SR1, =2.0.3.RELEASE, =1.0.3.RELEASE, =1.0.0, =0.9.1, =1.1.4, =1.4.1, =1.5.1.beta - cn.com.zhaoweiping:Alpha-Framework =2.0.0.RELEASE - cn.gudqs:platform =1.0 and more Source cves: CVE-2018-1259 Source advisor...
Jenkins Multiple Vulnerabilities (Oct 2017) - Linux
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...