21 matches found

CNNVD
added 2026/04/14 12:0 a.m. · 2 views

Security vulnerability in multiple Trezor products

Trezor One, among others, is a product of the Czech Republic-based Trezor company. Trezor One is a digital currency wallet device. Trezor T is a hardware cryptocurrency wallet device. Trezor Safe is also a hardware cryptocurrency wallet device. Several Trezor products have security vulnerabilitie...

4.6 CVSS · 5.9 AI score · 0.00084 EPSS
Exploits 0 · References 3

CNNVD
added 2026/04/13 12:0 a.m. · 1 view

Huawei HarmonyOS security vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An access control vulnerability exists in the Huawei HarmonyOS memoization module, which can be exploited by an attacker to cause confidentiality and...

6.5 CVSS · 5.8 AI score · 0.00004 EPSS
Exploits 0 · References 2

Github Security Blog
added 2026/03/31 11:49 p.m. · 3 views

parse-server has GraphQL complexity validator exponential fragment traversal DoS

Impact The GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads. A single unauthenticated request can block the Node.js event loop for seconds, denying service to all concurrent users. This only affects...

8.2 CVSS · 5.9 AI score · 0.00018 EPSS
Exploits 0 · References 7 · Affected Software 1

Positive Technologies
added 2026/01/07 12:0 a.m. · 1 view

PT-2026-2161

Name of the Vulnerable Software and Affected Versions Bio-Formats versions up to and including 8.3.0 Description Bio-Formats versions up to and including 8.3.0 are susceptible to unsafe Java deserialization of attacker-controlled memoization cache files .bfmemo during image processing. The...

6.8 CVSS · 7.8 AI score · 0.00415 EPSS
Exploits 1 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-26293

Malware in sbrugna...

8.8 CVSS · 8.6 AI score · 0.00151 EPSS
Exploits 0 · References 4

RedhatCVE
added 2025/05/22 6:10 p.m. · 4 views

CVE-2021-39937

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

8.8 CVSS · 6.6 AI score · 0.00151 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/01/09 12:0 a.m. · 2 views

CVE-2024-22368

The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells...

6.5 AI score · 0.00062 EPSS
Exploits 1 · References 7

Tenable Nessus
added 2024/01/03 12:0 a.m. · 16 views

GitLab 0.0 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39937)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential...

8.8 CVSS · 7.8 AI score · 0.00151 EPSS
Exploits 0 · References 3

Hacker One
added 2023/06/04 7:40 a.m. · 46 views

Internet Bug Bounty: [CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing

A denial of service vulnerability was discovered in the multipart parsing component of Rack. This vulnerability could be exploited by carefully crafted input to cause the RFC2183 multipart boundary parsing in Rack to consume an unexpected amount of time, potentially leading to a denial of service...

7.5 CVSS · 7.1 AI score · 0.00255 EPSS
Exploits 0

NVD
added 2021/12/13 4:15 p.m. · 11 views

CVE-2021-39937

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

8.8 CVSS · 0.00151 EPSS
Exploits 0 · References 2

OSV
added 2021/12/13 4:15 p.m. · 14 views

CVE-2021-39937

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

8.8 CVSS · 6.9 AI score · 0.00151 EPSS
Exploits 0 · References 2

Prion
added 2021/12/13 4:15 p.m. · 9 views

Design/Logic Flaw

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

6.5 CVSS · 8.5 AI score · 0.00151 EPSS
Exploits 0 · References 2 · Affected Software 1

UbuntuCve
added 2021/12/13 4:15 p.m. · 20 views

CVE-2021-39937

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

8.8 CVSS · 7.2 AI score · 0.00151 EPSS
Exploits 0 · References 1

OSV
added 2021/12/13 4:15 p.m. · 0 views

UBUNTU-CVE-2021-39937

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

8.8 CVSS · 7.2 AI score · 0.00151 EPSS
Exploits 0 · References 2

CVE
added 2021/12/13 3:47 p.m. · 52 views

CVE-2021-39937

CVE-2021-39937 affects GitLab CE/EE with a collision in the access memoization logic that can lead to elevated privileges in groups and projects under rare circumstances. Affected versions include all GitLab CE/EE prior to 14.3.6, all versions from 14.4 before 14.4.4, and all versions from 14.5 b...

8.8 CVSS · 8.4 AI score · 0.00151 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2021/12/13 3:47 p.m. · 14 views

CVE-2021-39937

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

5.9 CVSS · 8.7 AI score · 0.00151 EPSS
Exploits 0 · References 2

Debian CVE
added 2021/12/13 3:47 p.m. · 21 views

CVE-2021-39937

Removed by vendor...

8.8 CVSS · 7.3 AI score · 0.00151 EPSS
Exploits 0

Positive Technologies
added 2021/12/13 12:0 a.m. · 1 view

PT-2021-22776 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 14.3.6 GitLab CE/EE versions 14.4 prior to 14.4.4 GitLab CE/EE versions 14.5 prior to 14.5.2 Description: A collision in access memoization logic leads to potential elevated privileges in groups and projects und...

8.8 CVSS · 8.6 AI score · 0.00151 EPSS
Exploits 0 · References 9

FreeBSD
added 2021/12/06 12:0 a.m. · 29 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Group members with developer role can escalate their privilege to maintainer on projects that they import When user registration is limited, external users that aren't developers shouldn't have access to the CI Lint API Collision in access memoization leads to potential elevated...

8.8 CVSS · 2.3 AI score · 0.64529 EPSS
Exploits 0 · References 1

Hacker One
added 2018/08/06 10:10 a.m. · 34 views

Node.js third-party modules: Prototype Pollution Vulnerability in cached-path-relative Package

I would like to report a prototype pollution attack in cached-path-relative. It allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain. Module module name: cached-path-relative version: 1.0.1 npm page:...

5 CVSS · 0.8 AI score · 0.00519 EPSS
Exploits 0