2673 matches found
python-flask-restful-api path traversal vulnerability
python-flask-restful-api is a python interface repository by the individual developer Akash Talole in India. A security vulnerability exists in python-flask-restful-api, which stems from insecure use of the Flask sendfile function...
golem path traversal vulnerability
golem is a git continuous integration, testing, and release tool by Dennis Kaarsemaker, an individual developer in the Netherlands. A security vulnerability exists in golem version 2016-05-17 and earlier, which stems from an incorrect call to Flask's sendfile function that results in absolute pat...
kotekan path traversal vulnerability
kotekan is an open-source high performance radio data processing pipeline from kotekan. A security vulnerability exists in kotekan version 2021.11 and earlier versions, which stems from an incorrect call to Flask's sendfile function resulting in absolute path traversal...
ytdl-sync path traversal vulnerability
The ytdl-sync repository is a web interface for YTDL by Jake Garza, an individual developer in the United States. A security vulnerability exists in ytdl version 2021-01-02 and earlier, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...
nursequest path traversal vulnerability
nursequest is a management system for nurses' tasks by Romain Vincent, an individual developer in France. A security vulnerability exists in nursequest version 2018-02-22 and earlier versions, which stems from an incorrect call to Flask's sendfile function resulting in absolute path traversal...
glance path traversal vulnerability
glance is an open-source dictionary visualization repository by nlpweb. A security vulnerability exists in glance version 2014-06-27 and earlier versions, which stems from an incorrect call to Flask's sendfile function that leads to absolute path traversal...
SetupBox path traversal vulnerability
SetupBox is a middleware for implementing your own storage cloud by Kim Taehwan, an individual developer in Korea. A security vulnerability exists in SetupBox version 1.0 and earlier versions, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...
KG-fashion-chatbot path traversal vulnerability
KG-fashion-chatbot is a multi-modal chatbot for online shopping assistance by the individual developer youzhou. KG-fashion-chatbot has a security vulnerability in versions 2018-05-22 and earlier, which stems from an unsafe use of Flask's sendfile function that allows absolute path traversal...
PT-2022-20290 · Unknown · Semwifiapclient
Name of the Vulnerable Software and Affected Versions: SemWifiApClient versions prior to SMR Jul-2022 Release 1 Description: The issue is related to an improper access control vulnerability in the sendDHCPACKBroadcast function. This vulnerability allows an attacker to access the WiFi AP client MA...
Malicious code in firestore-messagebird-send-msg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ce66f4ad982ef4095727b82f1dabf12365216e3f0dc4b1cd8016bf310fa982c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in firefox-send (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7de757c8958df7dfd963bd4bdc07d46cda7037dd27fc4ef63d00012c236ae1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3052 Malicious code in firefox-send (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7de757c8958df7dfd963bd4bdc07d46cda7037dd27fc4ef63d00012c236ae1f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Upgraded Q -> M from 205 [1655579891083]
Judge has assessed an item in Issue 205 as Medium risk. The relevant finding follows: transfer and send methods are used inside the codebase. Since these methods use a 2300 gas stipend which is not adjustable, it may likely get broken when calling a contract's fallback function if any contract...
Upgraded Q -> M from 180 [1655579854185]
Judge has assessed an item in Issue 180 as Medium risk. The relevant finding follows: Use of send might fail in the future. send only forwards 2300 gas, which may break when gas costs change in a future ETH upgrade. See: function withdrawAll public payable onlyOwner...
Upgraded Q -> M from 117 [1655579798819]
Judge has assessed an item in Issue 117 as Medium risk. The relevant finding follows: Don't use send / transfer to send ETH. This is low severity but you should avoid these and use call...
Upgraded Q -> M from 119 [1655579861612]
Judge has assessed an item in Issue 119 as Medium risk. The relevant finding follows: L01: Use .call instead of .send Line References Description It is recommended to use call instead of send because the former forwards all remaining gas with the call, while the latter has a gas limit of 2300. Thi...
GHSA-X4MQ-M75F-MX8M Delegate functions are missing `Send` bound
Affected versions of this crate did not require event handlers to have Send bound despite there being no guarantee of them being called on any particular thread, which can potentially lead to data races and undefined behavior. The flaw was corrected in commit afe3252 by adding Send bounds...
GHSA-3HXH-7JXM-59X4 AtomicBucket<T> unconditionally implements Send/Sync
In the affected versions of the crate, AtomicBucket unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::datawith API. Such data races can potentially cause memory corruption or other undefined behavior. The flaw was...
AtomicBucket<T> unconditionally implements Send/Sync
In the affected versions of the crate, AtomicBucket unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::datawith API. Such data races can potentially cause memory corruption or other undefined behavior. The flaw was...
CVE-2022-32300
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php...