376 matches found
GHSA-XHV5-W9C5-2R2W Unbounded connection acceptance in http4s-blaze-server
Impact blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an...
Unbounded connection acceptance leads to file handle exhaustion
Impact All servers running blaze-core = 0.14.14, including blaze-http and http4s-blaze-server users, are affected. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request...
PT-2021-14396 · Unknown +2 · Blaze-Core +5
Name of the Vulnerable Software and Affected Versions: http4s versions prior to 0.21.17 http4s versions prior to 0.22.0-M2 http4s versions prior to 1.0.0-M14 Description: The issue is related to the blaze-core library, which accepts connections unboundedly on its selector pool. This can lead to a...
PlayStation: Reflected XSS on transact.playstation.com using postMessage from the opening window
Report Summary: When transact.playstation.com loads it handles messages received from postMessage in the receiveMessageFromTransactClientService method. The only validation that is performed is to ensure that the referrer and origin match: javascript receiveMessageFromTransactClientService:...
Beijing Qingqi Technology Co., Ltd Ember APP has Denial of Service Vulnerability
Shimmering App for PC is a novel social software to make friends through watching movies together. There is a denial-of-service vulnerability in Ember APP, which can be exploited by attackers to cause a denial-of-service attack...
@love-open-source/ember-slider (>=0.0.2 <=1.1.10), broccoli-compass-compiler (>=0.0.1 <=0.0.6) +1 more potentially affected by CVE-2020-7635 via compass-compile (=0.0.1)
compass-compile NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on compass-compile and may be impacted: - @love-open-source/ember-slider =0.0.2, =0.0.1, =0.1.0, =0.5.0 Source cves: CVE-2020-7635 Source advisory:...
Malicious Package
Overview Version 1.0.8 of ember-power-timepicker contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your...
Ember.js Cross-Site Scripting Vulnerability
Tilde Ember.js is the United States Tilde company's set of JavaScript framework for creating Web applications . A cross-site scripting vulnerability exists in Ember.js. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
[SECURITY] Fedora 15 Update: ember-0.6.0-5.fc15
Ember is a client for MMORPGs using the WorldForge system. It uses the Ogre 3D engine with CEGUI...
Fedora 15 : ember-0.6.0-5.fc15 (2011-3208)
Fix for CVE-2010-3355 bug 638381 This is just a rebuild to resolve a dependency conflict. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
CVE-2010-3355
Ember 0.5.7 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
CVE-2010-3355
Ember 0.5.7 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
Directory traversal
Ember 0.5.7 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
CVE-2010-3355
Ember 0.5.7 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
CVE-2010-3355
Ember 0.5.7 places a zero-length directory name in LD_LIBRARY_PATH, allowing local users to gain privileges via a Trojan horse shared library in the current working directory. Root cause: malformed LD_LIBRARY_PATH handling. Impact: local privilege escalation with potential full compromise if expl...
CVE-2010-3355
Removed by vendor...