12 matches found
Improper Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization via improper authorization checks in the access control process. An attacker can gain unauthorized write access by tricking a user into visiting a...
CVE-2025-62373
Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in LivekitFrameSerializer – an optional, non-default, undocumented frame serializer class now deprecated intended for LiveKit...
Missing Release of Resource after Effective Lifetime
Overview github.com/grafana/grafana/pkg/api/avatar is a tool for beautiful monitoring and metric analytics & dashboards for Graphite, InfluxDB & Prometheus & More. Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the /avatar/:hash...
EUVD-2023-0093
Malicious code in bioql PyPI...
SA45653 - Cross-site Request Forgery in Login Form
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. In a login CSRF attack, the attacker forges a login request to an honest site using the attacker’s username and password at that site. If the forgery succeeds, the honest server...
CVE-2021-38142
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured is not...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2021 CPU
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These might affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Applicatio...
httpd: mod_http2: possible crash on late upgrade
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...
Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale
Summary The Elastic Storage Server and the GPFS Storage Server are affected by a multiple GSKit vulnerability in IBM Spectrum Scale. Vulnerability Details CVEID: CVE-2018-1431 DESCRIPTION: A vulnerability in GSKit affects IBM Spectrum Scale that could allow a local attacker to obtain control of t...
SOL16983 - PCRE library vulnerability CVE-2015-2325
Although the BIG-IP/BIG-IQ/Enterprise Manager software contains the vulnerable code, BIG-IP/BIG-IQ/Enterprise Manager does not use the vulnerable code in a way that exposes the vulnerability. An attacker must have local access to BIG-IP/BIG-IQ/Enterprise Manager to trigger an exploit, which the...
[SECURITY] [DSA 1361-1] New postfix-policyd packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1361 [email protected] http://www.debian.org/security/ Steve Kemp August 29th, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
[SECURITY] [DSA 639-1] New mc packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 639-1 [email protected] http://www.debian.org/security/ Martin Schulze January 14th, 2005 http://www.debian.org/security/faq -...