CVE-2024-34075 kurwov vulnerable to Denial of Service due to improper data sanitization
kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...
CVE-2024-34075 (kurwov) affects the Markov chain library kurwov. A flaw in the unsafe sanitization in MarkovData#getNext (used by Markov#generate and Markov#choose) lets a crafted dataset string bypass sanitization when it contains the forbidden substring `__proto__` followed by a space, by manipula...
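The failure mode behind this advisory is easy to reproduce in a few lines. The following is an added example and not kurwov's own code: a minimal word-level Markov table whose naive variant keys follower lists in a plain object, so a dataset token such as `__proto__` (or `constructor`) resolves to an inherited property of Object.prototype instead of a fresh array and the next `.push` throws, stopping generation. The hardened variant keys on a Map, where every string is an ordinary key. The function names, the table shape and the sample dataset are assumptions made for this illustration.

```javascript
// Added example, not kurwov's code: a minimal word-level Markov table.
// naiveTable keys follower lists in a plain object; safeTable keys on a Map.

function naiveTable() {
  const next = {};
  return {
    add(word, follower) {
      // next["__proto__"] is Object.prototype: truthy, but not an array
      if (!next[word]) next[word] = [];
      next[word].push(follower); // TypeError: next[word].push is not a function
    },
    getNext(word) {
      return next[word] || [];
    },
  };
}

function safeTable() {
  const next = new Map();
  return {
    add(word, follower) {
      if (!next.has(word)) next.set(word, []);
      next.get(word).push(follower);
    },
    getNext(word) {
      return next.get(word) || [];
    },
  };
}

// Splits each sentence into whitespace-separated tokens and records each
// (word, following word) pair in the table.
function train(table, sentences) {
  for (const sentence of sentences) {
    const words = sentence.split(/\s+/).filter(Boolean);
    for (let i = 0; i + 1 < words.length; i++) {
      table.add(words[i], words[i + 1]);
    }
  }
  return table;
}

// Walks the table from `start`, picking followers with `rng` (0 <= rng() < 1),
// and stops early when a word has no recorded follower.
function generate(table, start, maxWords, rng = Math.random) {
  const out = [start];
  let current = start;
  for (let i = 1; i < maxWords; i++) {
    const followers = table.getNext(current);
    if (!Array.isArray(followers) || followers.length === 0) break;
    current = followers[Math.floor(rng() * followers.length)];
    out.push(current);
  }
  return out.join(" ");
}

// Reports whether training with the given table type survives the dataset:
// "ok", or the name of the error thrown.
function trainOutcome(makeTable, sentences) {
  try {
    train(makeTable(), sentences);
    return "ok";
  } catch (err) {
    return err.constructor.name;
  }
}

// Constructed sample dataset (not real data): the second sentence carries the
// hostile token.
const DATASET = ["the cat sat on the mat", "__proto__ is a word here"];

if (typeof require !== "undefined" && require.main === module) {
  console.log(trainOutcome(naiveTable, DATASET)); // TypeError
  console.log(trainOutcome(safeTable, DATASET)); // ok
  console.log(generate(train(safeTable(), DATASET), "the", 5, () => 0)); // the cat sat on the
}
```

Blocklisting the single string `__proto__` is not enough: any inherited property name (`constructor`, `hasOwnProperty`, `toString`) breaks the plain-object table the same way, which is why the fixed variant changes the data structure rather than the filter.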
@audius/fetch-nft (>=0.1.8-beta.1 <=0.2.6), @audius/sdk (>=3.0.8-beta.13 <=4.2.0) +52 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.78.0 <=1.78.7)
@solana/web3.js NPM version =1.78.0, =0.1.8-beta.1, =3.0.8-beta.13, =0.0.10, =2.20.1-beta.306, =14.2.1-beta.306, =2.2.3-alpha.61, =1.0.1-rc.0, =2.21.0, =2.6.0, =0.0.5-beta.0, =1.1.0, =1.1.11 - @ctrl-tech/chains-controller =2.0.5 - @ctrl-tech/chains-solana =2.0.18 and more Source cves:...
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: spire-server-fips, falco, apko, melange, goreleaser, ko, policy-controller-fips, zot, tkn-fips, neuvector-sigstore-interface, chainctl, vexctl, zarf, aactl, skaffold, slsa-verifier, kubescape, policy-controller, falcoctl-fips, gitsign, ko-fips, tekton-chains, tkn,...
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: skaffold, flux-source-controller, slsa-verifier, falcoctl, aactl, zot, policy-controller, zarf, ko, wolfictl, goreleaser, kubescape, tkn, melange, vexctl, falco, gitsign, tekton-chains, neuvector-sigstore-interface, spire-server, apko...
GHSA-88JX-383Q-W4QC vulnerabilities
Vulnerabilities for packages: skaffold, flux-source-controller, slsa-verifier, falcoctl, aactl, zot, policy-controller, zarf, ko, wolfictl, goreleaser, kubescape, tkn, melange, vexctl, falco, gitsign, tekton-chains, neuvector-sigstore-interface, spire-server, apko...
CVE-2024-29903 vulnerabilities
Vulnerabilities for packages: spire-server-fips, falco, apko, melange, goreleaser, ko, policy-controller-fips, zot, tkn-fips, neuvector-sigstore-interface, chainctl, vexctl, zarf, aactl, skaffold, slsa-verifier, kubescape, policy-controller, falcoctl-fips, gitsign, ko-fips, tekton-chains, tkn,...
CVE-2024-29903 vulnerabilities
Vulnerabilities for packages: skaffold, flux-source-controller, slsa-verifier, falcoctl, aactl, zot, policy-controller, zarf, ko, wolfictl, goreleaser, kubescape, tkn, melange, vexctl, falco, gitsign, tekton-chains, neuvector-sigstore-interface, spire-server, apko...
CVE-2024-29902 vulnerabilities
Vulnerabilities for packages: spire-server-fips, falco, apko, melange, goreleaser, ko, policy-controller-fips, zot, tkn-fips, neuvector-sigstore-interface, chainctl, vexctl, zarf, aactl, skaffold, slsa-verifier, kubescape, policy-controller, falcoctl-fips, gitsign, ko-fips, tekton-chains, tkn,...
CVE-2024-29902 vulnerabilities
Vulnerabilities for packages: skaffold, flux-source-controller, slsa-verifier, falcoctl, aactl, zot, policy-controller, zarf, ko, wolfictl, goreleaser, kubescape, tkn, melange, vexctl, falco, gitsign, tekton-chains, neuvector-sigstore-interface, spire-server, apko...
CVE-2024-31995 zcap has incomplete expiration checks in capability chains.
@digitalbazaar/zcap provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...
GHSA-HP8H-7X69-4WMV zcap has incomplete expiration checks in capability chains.
Impact When invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current date or other date param. This can allow invocations outside of the original intended time period. A zcap still cann...
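To make the depth-2 case concrete, here is an added example that is not the @digitalbazaar/zcap implementation. A capability chain is modelled as an array ordered root to leaf; each delegated capability names its parent in `parentCapability` and carries an ISO-8601 `expires`. `verifyChainBuggy` reproduces the effect the advisory describes (a capability delegated directly from the root, chain depth 2, is never compared with the invocation time), while `verifyChain` applies the check to every link. The rule that a delegation may not outlive its parent, the field names and the sample ids and dates are assumptions of this illustration, not taken from the advisory.

```javascript
// Added example, not the @digitalbazaar/zcap implementation.
// Chain layout: [root, delegated1, delegated2, ...]; depth = chain.length.

function parseIsoDate(value, label) {
  const ms = Date.parse(value);
  if (Number.isNaN(ms)) throw new TypeError(`${label}: invalid date "${value}"`);
  return ms;
}

// Structural check shared by both verifiers: correct parent link and a
// well-formed `expires` on every delegated capability.
function checkLink(cap, parent) {
  if (cap.parentCapability !== parent.id) {
    return { ok: false, reason: `${cap.id}: parentCapability is not ${parent.id}` };
  }
  if (typeof cap.expires !== "string") {
    return { ok: false, reason: `${cap.id}: delegated capability has no expires` };
  }
  return { ok: true, expiresMs: parseIsoDate(cap.expires, cap.id) };
}

// Compares a delegated capability's expiry with the invocation time and, when
// the parent has an expiry, with the parent's (assumed rule: a delegation may
// not outlive the capability it was delegated from).
function checkExpiry(cap, parent, expiresMs, nowMs) {
  if (expiresMs <= nowMs) {
    return { ok: false, reason: `${cap.id}: expired at ${cap.expires}` };
  }
  if (typeof parent.expires === "string" &&
      expiresMs > parseIsoDate(parent.expires, parent.id)) {
    return { ok: false, reason: `${cap.id}: expires after parent ${parent.id}` };
  }
  return { ok: true };
}

// Flawed verifier: the expiry comparison only runs for chains deeper than 2,
// so a capability delegated straight from the root is accepted after it expired.
function verifyChainBuggy(chain, nowMs) {
  for (let i = 1; i < chain.length; i++) {
    const link = checkLink(chain[i], chain[i - 1]);
    if (!link.ok) return link;
    if (chain.length > 2) {
      const exp = checkExpiry(chain[i], chain[i - 1], link.expiresMs, nowMs);
      if (!exp.ok) return exp;
    }
  }
  return { ok: true };
}

// Corrected verifier: every delegated link, including depth 2, is checked.
function verifyChain(chain, nowMs) {
  for (let i = 1; i < chain.length; i++) {
    const link = checkLink(chain[i], chain[i - 1]);
    if (!link.ok) return link;
    const exp = checkExpiry(chain[i], chain[i - 1], link.expiresMs, nowMs);
    if (!exp.ok) return exp;
  }
  return { ok: true };
}

// Constructed sample chain; ids and dates are illustrative, not real.
const NOW_MS = Date.parse("2024-04-15T00:00:00Z");
const ROOT = { id: "urn:zcap:root:example", controller: "did:example:alice" };
const EXPIRED_DEPTH2 = { id: "urn:zcap:d2-expired", parentCapability: ROOT.id, expires: "2024-01-01T00:00:00Z" };
const VALID_DEPTH2 = { id: "urn:zcap:d2-valid", parentCapability: ROOT.id, expires: "2025-01-01T00:00:00Z" };
const EXPIRED_DEPTH3 = { id: "urn:zcap:d3-expired", parentCapability: VALID_DEPTH2.id, expires: "2024-03-01T00:00:00Z" };
const OVERLONG_DEPTH3 = { id: "urn:zcap:d3-overlong", parentCapability: VALID_DEPTH2.id, expires: "2026-01-01T00:00:00Z" };

if (typeof require !== "undefined" && require.main === module) {
  console.log(verifyChainBuggy([ROOT, EXPIRED_DEPTH2], NOW_MS)); // { ok: true }  <- the flaw
  console.log(verifyChain([ROOT, EXPIRED_DEPTH2], NOW_MS)); // { ok: false, reason: "...expired..." }
}
```

The practical check when auditing a verifier like this is to feed it a chain of every depth you support with an expired leaf and confirm each one is rejected; a test suite that only covers depth 3 and above would pass the buggy variant.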
Deserialization of Untrusted Data in timber/timber
Summary Timber is vulnerable to PHAR deserialization due to a lack of checking the input before passing it into the file_exists function. If an attacker can upload files of any type to the server, they can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP...
SUSE-SU-2024:1179-1 Security update for gnutls
This update for gnutls fixes the following issues: Security issues fixed: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - CVE-2023-5981: Fixed a timing side-channel inside the RSA-PSK key exchange (bsc#1217277). - CVE-2024-0567: Fixed an incorrect rejection of...
Denial Of Service
Go is vulnerable to denial of service. The vulnerability is due to insufficient handling of certificate chains containing certificates with unknown public key algorithms...
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: rook, oauth2-proxy, caddy, skaffold, grpc-health-probe, step, timestamp-authority, guac, fulcio, flux-source-controller, slsa-verifier, falcoctl, aactl, step-ca, temporal-ui-server, weaviate, zot, policy-controller, zarf, temporal, rabbitmq-messaging-topology-operato...
BIT-NEO4J-2021-34371
Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...