64 matches found
GO-2024-3007 snapd failed to restrict writes to the $HOME/bin path in github.com/snapcore/snapd
snapd failed to restrict writes to the $HOME/bin path in github.com/snapcore/snapd. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
ai.djl.android:core (>=0.20.0 <=0.27.0), ai.djl.android:onnxruntime (>=0.20.0 <=0.27.0) +155 more potentially affected by CVE-2024-37902 via ai.djl:api (>=0.20.0 <=0.27.0)
ai.djl:api MAVEN version =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.26.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.27.0 and more Source cves: CVE-2024-37902 Source advisory: OSV:GHSA-W877-JFW7-46RJ...
ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +6727 more potentially affected by CVE-2024-2700 via io.quarkus:quarkus-core (>=0.11.0 <=3.2.11.Final)
io.quarkus:quarkus-core MAVEN version =0.11.0, =0.1.0, =0.1.0, =0.0.2, =0.1.1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.11 and more Source cves: CVE-2024-2700 Source advisory: OSV:GHSA-F8H5-V2VG-46RR...
cloud.piranha.extension:piranha-extension-hazelcast (>=21.11.0 <=22.2.0), cn.vertxup:infix-mysql (=0.8.1) +124 more potentially affected by CVE-2023-45859 via com.hazelcast:hazelcast (>=5.0 <=5.0.5)
com.hazelcast:hazelcast MAVEN version =5.0, =21.11.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.8.1 and more Source cves: CVE-2023-45859 Source advisory: OSV:GHSA-XH6M-7CR7-XX66...
cc.allio.uno:uno-core (>=1.1.9 <=1.2.1), cc.allio.uno:uno-data (>=1.1.9 <=1.2.1) +583 more potentially affected by CVE-2023-51079 via org.mvel:mvel2 (=2.5.0.Final)
org.mvel:mvel2 MAVEN version =2.5.0.Final is affected by a known vulnerability. The following packages have a transitive dependency on org.mvel:mvel2 and may be impacted: - cc.allio.uno:uno-core =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9...
am.ik.access-logger:access-logger (>=0.1.0 <=0.1.2), cn.herodotus.engine:event-core (=3.0.1.0) +618 more potentially affected by CVE-2023-34055 via org.springframework.boot:spring-boot-actuator (>=3.0.0 <=3.0.12)
org.springframework.boot:spring-boot-actuator MAVEN version =3.0.0, =0.1.0, =0.1.2 - cn.herodotus.engine:event-core =3.0.1.0 - cn.herodotus.engine:event-message-spring-boot-starter =3.0.1.0 - cn.herodotus.engine:event-pay-spring-boot-starter =3.0.1.0 -...
PT-2023-12781 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal core versions prior to the fixed version Description: The form API in Drupal core has a vulnerability that affects certain contributed or custom modules' forms, making them susceptible to improper input validation. This could allow an...
biz.netcentric.cq.tools.aemmjml:aemmjml-components-bundle (=0.1.0), com.adobe.aem.commons:assetshare.core (>=1.9.6 <=3.13.6) +23 more potentially affected by CVE-2022-35697 via com.adobe.cq:core.wcm.components.core (>=1.1.0 <=2.20.6)
com.adobe.cq:core.wcm.components.core MAVEN version =1.1.0, =1.9.6, =2012.12.01, =2012.12.01, =0.0.6, =0.0.4, =0.0.6, =0.0.6, =1.2.0, =0.1.0, =2.5.0, =2.10.0, =2.10.0, =2.10.0, =2.20.6 and more Source cves: CVE-2022-35697 Source advisory: OSV:GHSA-QCGC-6Q86-7X2P...
ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0), be.objectify:deadbolt-core_2.10 (>=2.2.0 <=2.4.3) +1203 more potentially affected by CVE-2014-3558 via org.hibernate:hibernate-validator (>=5.0.0.Alpha1 <=5.1.1.Final)
org.hibernate:hibernate-validator MAVEN version =5.0.0.Alpha1, =1.0.0, =2.2.0, =2.4.0, =2.2.0, =2.4.0, =2.2.0, =2.4.0, =2.0.0, =4.0.0.Final, =4.3.0-beta-3 - br.com.caelum:vraptor-musicjungle =4.0.0-beta-1 - br.com.ingenieux.dropwizard:dropwizard-envvar =0.0.1 -...
cc.akkaha:asura-core_2.12 (=0.3.0), cc.akkaha:asura-dubbo_2.12 (>=0.2.0 <=0.6.0) +285 more potentially affected by CVE-2021-25640 via com.alibaba:dubbo (>=2.5.10 <=2.6.8)
com.alibaba:dubbo MAVEN version =2.5.10, =0.2.0, =0.1.5, =0.1.5, =11.0.1-RELEASE, =11.0.1-RELEASE, =1.0, =1.4.0, =1.4.0, =1.4.0, =1.0.0, =1.0.1 and more Source cves: CVE-2021-25640 Source advisory: OSV:GHSA-GW4J-4229-Q4PX...
org.eclipse.hono:client-device-connection-infinispan (>=1.2.0 <=1.12.3), org.eclipse.hono:hono-adapter-amqp-vertx (>=0.7 <=1.12.3) +67 more potentially affected by CVE-2020-27217 via org.eclipse.hono:hono-core (>=0.5 <=1.4.0)
org.eclipse.hono:hono-core MAVEN version =0.5, =1.2.0, =0.7, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.4.0, =0.8-M11, =0.8-M11, =1.10.0, =0.5, =0.5, =1.10.0, =0.5, =1.0-M5, =1.12.3 and more Source cves: CVE-2020-27217 Source advisory: OSV:GHSA-9F52-HPVW-V96W...
org.dspace.modules:additions (=7.0-preview-1), org.dspace.modules:oai (=7.0-preview-1) +12 more potentially affected by CVE-2021-41189 via org.dspace:dspace-api (=7.0-preview-1)
org.dspace:dspace-api MAVEN version =7.0-preview-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.dspace:dspace-api and may be impacted: - org.dspace.modules:additions =7.0-preview-1 - org.dspace.modules:oai =7.0-preview-1 - org.dspace.modules:rdf...
DRUPAL-CONTRIB-2021-017
This module provides a revision UI to Block Content entities. The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules. This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions...
DRUPAL-CONTRIB-2021-016
This module provides a revision UI to Linky entities. The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules. This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions provided ...
am.ik.blog:blog-mapper (>=4.0.0 <=4.6.0), app.myoss.cloud.mybatis:myoss-mybatis (>=2.0.0.RELEASE <=2.1.7.RELEASE) +8869 more potentially affected by CVE-2020-26945 via org.mybatis:mybatis (>=2.3.5 <=3.5.5)
org.mybatis:mybatis MAVEN version =2.3.5, =4.0.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =1.2.0, =20.3.0, =19.3.0, =20.3.0, =19.3.0, =19.3.0, =23.1.0, =2.23.0, =19.3.0, =19.3.0, =19.3.0, =0.1.0, =1.6.0 and more Source cves: CVE-2020-26945 Source advisory: OSV:GHSA-QQ48-M4JX-XQH8...
CVE-2021-22320
There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected product include some versions of IPS...
com.hubspot.mesos.rx.java.example:mesos-rxjava-example-framework (=0.1.0), com.hubspot.mesos.rx.java:mesos-rxjava-protobuf-client (=0.1.0) +4 more potentially affected by CVE-2018-11793 via org.apache.mesos:mesos (=1.6.1)
org.apache.mesos:mesos MAVEN version =1.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.mesos:mesos and may be impacted: - com.hubspot.mesos.rx.java.example:mesos-rxjava-example-framework =0.1.0 -...
am.ik.home:uaa-client (>=1.3.0 <=1.8.1), am.ik.home:uaa-integration-test (>=1.3.0 <=1.8.1) +229 more potentially affected by CVE-2018-1273 via org.springframework.data:spring-data-commons (>=1.13.0.RELEASE <=1.13.10.RELEASE)
org.springframework.data:spring-data-commons MAVEN version =1.13.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =0.0.1, =0.2.0, =1.0.6, =6.2.0.6, =6.2.0.5, =6.2.0.4, =6.2.0.4, =6.2.0.5, =1.2.0, =1.2.0, =1.6.6 and more Source cves: CVE-2018-1273 Source advisory: OSV:GHSA-4FQ3-MR56-CG6R...
org.apache.storm:flux-core (>=1.2.0 <=1.2.1), org.apache.storm:storm-elasticsearch-examples (>=1.2.0 <=1.2.1) +14 more potentially affected by CVE-2018-8008 via org.apache.storm:storm-core (>=1.2.0 <=1.2.1)
org.apache.storm:storm-core MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.1 and more Source cves: CVE-2018-8008 Source advisory: OSV:GHSA-898J-5CC8-CMF5...
python: Multiple integer overflows discovered by Google
Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to 1 Include/pymem.h; 2 csv.c, 3 struct.c, 4 arraymodule.c, 5 audioop.c, 6 binascii.c, 7 cPickle.c, 8 cStringIO.c, 9 cjkcodecs/multibytecodec.c, 10...