
19 matches found

CNNVD
added 2024/01/23 12:0 a.m. · 3 views

Label Studio Cross-Site Scripting Vulnerability

Label Studio is an open source data labeling tool from Heartex Open Source. It lets you label audio, text, images, video, time series and other data types through a simple and clear UI, and export the results to a variety of model formats. A cross-site scripting vulnerability exists in Label Studio versio...

6.1 CVSS · 6.1 AI score · 0.00145 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/12/28 12:0 a.m. · 3 views

PT-2023-9033 · Msgpackr +1 · Msgpack +1

Name of the Vulnerable Software and Affected Versions: msgpackr versions prior to 1.10.1
Description: The issue is related to the decoding of user-supplied MessagePack messages, which can cause threads to become stuck in a loop. This can be triggered by crafting specific messages. Exploits seem t...

8.6 CVSS · 6.7 AI score · 0.02615 EPSS
Exploits 1 · References 12

SUSE CVE
added 2023/02/15 5:35 a.m. · 1 views

SUSE CVE-2013-4929

The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted...

7.8 CVSS · 7.3 AI score · 0.01779 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:35 a.m. · 3 views

SUSE CVE-2013-4931

epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector...

5 CVSS · 7.3 AI score · 0.01503 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:35 a.m. · 2 views

SUSE CVE-2013-4932

Multiple array index errors in epan/dissectors/packet-gsmacommon.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet...

5 CVSS · 7.4 AI score · 0.01503 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 3:58 a.m. · 2 views

SUSE CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

8.6 CVSS · 7 AI score · 0.16136 EPSS
Exploits 0 · References 7

Positive Technologies
added 2023/01/09 12:0 a.m. · 2 views

PT-2023-14184 · WordPress · Post Status Notifier Lite

Name of the Vulnerable Software and Affected Versions: Post Status Notifier Lite WordPress plugin versions prior to 1.10.1
Description: The issue is related to a Reflected Cross-Site Scripting that can be used against high privilege users such as admin, due to the plugin not sanitising and escapi...

6.1 CVSS · 6.4 AI score · 0.02839 EPSS
Exploits 2 · References 6

RedHat Linux
added 2020/06/08 10:26 a.m. · 1 views

unbound: infinite loop via malformed DNS answers received from upstream servers

A flaw was found in unbound in versions prior to 1.10.1. An infinite loop can be created when malformed DNS answers are received from upstream servers. The highest threat from this vulnerability is to system availability...

7.5 CVSS · 7.2 AI score · 0.10038 EPSS
Exploits 0 · References 4

CNVD
added 2019/11/22 12:0 a.m. · 2 views

Matomo Cross-Site Scripting Vulnerability

Matomo is an open source web analytics application based on PHP and MySQL. A cross-site scripting vulnerability exists in Matomo versions prior to 1.10.1. The vulnerability stems from the web application failing to properly validate client-side data. An attacker can exploit the vulnerability to...

6.1 CVSS · 6.5 AI score · 0.00472 EPSS
Exploits 0 · References 1

CNVD
added 2019/11/22 12:0 a.m. · 2 views

Matomo Cross-Site Scripting Vulnerability (CNVD-2019-42239)

Matomo is an open source web analytics application based on PHP and MySQL. A cross-site scripting vulnerability exists in Matomo versions prior to 1.10.1. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerabilit...

6.1 CVSS · 6.4 AI score · 0.00472 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2019/11/20 3:15 p.m. · 3 views

CVE-2013-0194

Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195...

6.1 CVSS · 5.8 AI score · 0.00472 EPSS
Exploits 0 · References 5 · Affected Software 1

ATTACKERKB
added 2019/11/20 3:15 p.m. · 3 views

CVE-2013-0195

Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194...

6.1 CVSS · 5.8 AI score · 0.00472 EPSS
Exploits 0 · References 5 · Affected Software 1

CNVD
added 2019/01/03 12:0 a.m. · 17 views

Kubernetes Dashboard Authentication Bypass Vulnerability

Google Kubernetes is an open source Docker container cluster management system from Google, Inc. The system provides resource scheduling, deployment and operation, service discovery, and scaling up and down for containerized applications. Kubernetes Dashboard is a Web-based common interface for...

7.5 CVSS · 6.6 AI score · 0.90842 EPSS
Exploits 1 · References 1

OSV
added 2018/07/17 5:29 p.m. · 2 views

ALPINE-CVE-2018-14355

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name...

5.3 CVSS · 7 AI score · 0.00808 EPSS
Exploits 0 · References 1

OSV
added 2018/07/17 12:0 a.m. · 0 views

UBUNTU-CVE-2018-14359

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data...

9.8 CVSS · 7.3 AI score · 0.04101 EPSS
Exploits 0 · References 9

Positive Technologies
added 2018/07/07 12:0 a.m. · 1 views

PT-2018-3302 · Mutt +7 · Mutt +7

Name of the Vulnerable Software and Affected Versions: Mutt versions prior to 1.10.1; NeoMutt versions prior to 2018-07-16
Description: The issue allows remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic...

10 CVSS · 7.4 AI score · 0.1342 EPSS
Exploits 4 · References 194

CNVD
added 2018/05/16 12:0 a.m. · 2 views

Open Whisper Signal Cross-Site Scripting Vulnerability

Open Whisper Signal aka Signal-Desktop is a live chat application with encryption. A cross-site scripting vulnerability exists in the js/views/messageview.js file in Open Whisper Signal versions prior to 1.10.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HT...

6.1 CVSS · 5.9 AI score · 0.00323 EPSS
Exploits 3 · References 1

OSV
added 2013/07/30 12:56 a.m. · 1 views

DEBIAN-CVE-2013-4928

Integer signedness error in the dissectheaders function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet...

7.8 CVSS · 7.2 AI score · 0.0129 EPSS
Exploits 0 · References 1

OSV
added 2013/07/30 12:56 a.m. · 0 views

DEBIAN-CVE-2013-4925

Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet...

5 CVSS · 6.9 AI score · 0.01075 EPSS
Exploits 0 · References 1