12 matches found
GHSA-2H46-9X5W-4WF7 Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind
Impact A path traversal vulnerability in Entire CLI allows an attacker with push access to the checkpoints repository to craft malicious checkpoint metadata that causes entire session resume or entire checkpoint rewind to write attacker-controlled transcript data outside of the expected session...
EUVD-2026-36742
Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...
PT-2026-49260
Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.6.0 Description A missing condition in the verification process for remote accounts consenting to be featured in a remote Collection allows attackers to bypass checks and fake consent. An attacker can forge the...
openSUSE Security Advisory (openSUSE-SU-2024:0135-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
@adamlonsdale/backstage-plugin-armorcode-backend (>=0.0.1-alpha <=0.0.4), @austin-garrard/backstage-plugin-backend (>=0.0.1 <=0.0.1-alpha.22) +188 more potentially affected by CVE-2024-26150 via @backstage/backend-common (>=0.0.0-nightly-20220708025041 <=0.17.0)
@backstage/backend-common NPM version =0.0.0-nightly-20220708025041, =0.0.1-alpha, =0.0.1, =0.0.1, =0.1.0, =0.0.0-nightly-20220709024234, =0.0.0-nightly-20220811024336, =0.0.0-nightly-20240116021644, =0.0.0-nightly-20220709024234, =0.0.0-nightly-2022042277, =0.0.0-nightly-20216821837,...
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`
Impact yt-dlp allows the user to provide shell commands to be executed at various stages in its download process through the --exec flag. This flag allows output template expansion in its argument, so that video metadata values may be used in the shell commands. The metadata fields can be combine...
PT-2021-18290 · Unknown · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 Description: The issue arises when calling tf.raw ops.ImmutableConst with a dtype of tf.resource or tf.variant, resulting in a segfault. This occurs because the code assumes that the tensor contents are pure...
PYSEC-2020-139
In Tensorflow before version 2.4.0, when the boxes argument of tf.image.cropandresize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is...
PYSEC-2020-331
In Tensorflow before version 2.4.0, when the boxes argument of tf.image.cropandresize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is...
KisMac - Open Source Wireless Stumbling And Security Tool For Mac OS X
KisMAC is a free, open source wireless stumbling and security tool for Mac OS X. Whats new: Mac OS 10.9 - 10.12 64-bit only ARC 64-bit only New GUI Modern Objective-c syntax Rewrote most part of deprecated methods Remove debug info from release How Build: git clone...
Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability
========================================================= Eclipse IDE | Help Server Local Cross Site Scripting XSS Vulnerability ========================================================= 1. OVERVIEW The Help Content web application of Eclipse IDE was vulnerable to Cross Site Scripting XSS...
Eclipse IDE Cross Site Scripting
========================================================= Eclipse IDE | Help Server Local Cross Site Scripting XSS Vulnerability ========================================================= 1. OVERVIEW The Help Content web application of Eclipse IDE was vulnerable to Cross Site Scripting XSS...