25 matches found
EUVD-2022-3245
Malicious code in bioql PyPI...
EUVD-2023-0752
Malicious code in bioql PyPI...
GHSA-86CJ-95QR-2P4F Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
Summary: The torch._dynamo.guards.GuardBuilder.get function, a PyTorch library function, can be used to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the torch._dynamo.guards.GuardBuilder.get function in reduce...
kernel: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put(). pci_get_device() will increase the reference count for the returned pci_dev. We need to use pci_dev_put() to decrease the reference count before amd_probe() returns. There ...
Improper Authorization
github.com/mattermost/mattermost is vulnerable to Improper Authorization. The vulnerability is caused by improper permission validation while a user views archived public channels. One member of a team can view a channel of another team member via a GET call to /api/v4/teams//channels/delet...
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Summary: A Server-Side Request Forgery (SSRF) vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set a malicious tld, causing the application to return unsafe URLs pointing towards local...
CVE-2023-48711 Server-Side Request Forgery (SSRF) Vulnerability in google-translate-api-browser
google-translate-api-browser is an npm package which interfaces with the Google Translate web API. A Server-Side Request Forgery (SSRF) vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set ...
Improper Validation of Array Index in GJSON
GJSON 1.6.6 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call...
GHSA-P64J-R5F4-PWWX Improper Validation of Array Index in GJSON
GJSON 1.6.6 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call...
Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure
The plugin is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. - Install the plugin and set the API creds to: - Key:...
Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure
The plugin is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. PoC - Install the plugin and set the API creds to: - Key:...
Generation of fake documents via public GET-call
Impact: Generation of fake documents via public GET-call. Patches: We recommend updating to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds: For older...
GHSA-JVG4-9RC2-WVCR Generation of fake documents via public GET-call
Impact: Generation of fake documents via public GET-call. Patches: We recommend updating to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds: For older...
Denial Of Service (DoS)
github.com/tidwall/gjson is vulnerable to denial of service. An attacker is able to crash the application via a malicious GET call, which results in a slice bounds out of range...
CVE-2020-36067
GJSON <= v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call...
CVE-2020-35381
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call...