[SECURITY] Fedora 36 Update: golang-k8s-kube-openapi-0-0.22.20210813git3c81807.fc36
Kubernetes OpenAPI spec generation & serving...
GO-2022-0355 Path traversal in github.com/valyala/fasthttp
The fasthttp.FS request handler is vulnerable to directory traversal attacks on Windows systems, and can serve files from outside the provided root directory. URL path normalization does not handle Windows path separators (backslashes), permitting an attacker to construct requests with relative pat...
Vulnerability fixed in Red Hat OpenShift Container Platform
A vulnerability has been found in OpenShift Container Platform. The private key for an external cluster certificate is stored in an insecure manner in the oauth-serving-cert ConfigMaps and therefore available to any OpenShift user or service account. A malicious user can obtain this private key and...
Red Hat OpenShift Container Platform Information Disclosure Vulnerability
Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat, Inc. that enable organizations to develop, deploy and manage existing container-based applications across physical, virtual and public cloud infrastructures. The Red Hat OpenShift Container Platform suffers fro...
[SECURITY] Fedora 35 Update: golang-k8s-kube-openapi-0-0.19.20210813git3c81807.fc35
Kubernetes OpenAPI spec generation & serving...
CVE-2022-31505
The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
[SECURITY] Fedora 36 Update: golang-k8s-kube-openapi-0-0.21.20210813git3c81807.fc36
Kubernetes OpenAPI spec generation & serving...
[SECURITY] Fedora 36 Update: golang-github-elazarl-bindata-assetfs-1.0.1-9.fc36
Serve embedded files from jteeuwen/go-bindata with net/http...
ai.konduit.serving:konduit-serving-cli (=0.1.0), ai.konduit.serving:konduit-serving-distro-bom (=0.1.0) +1594 more potentially affected by CVE-2022-30973 via org.apache.tika:tika-core (>=1.17 <=1.28.2)
org.apache.tika:tika-core MAVEN version =1.17, =4.1.3, =3.1.1, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.2.7, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.4.0-beta.7 and more Source cves: CVE-2022-30973 Source advisory: OSV:GHSA-QW3F-W4PF-JH5F...
sinatra: path traversal possible outside of public_dir when serving static files
A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated if it is in the public directory, allowing files outside of the public directory to be served...
ai.konduit.serving:konduit-serving-cli (=0.1.0), ai.konduit.serving:konduit-serving-distro-bom (=0.1.0) +1594 more potentially affected by CVE-2022-30126 via org.apache.tika:tika-core (>=1.17 <=1.28.1)
org.apache.tika:tika-core MAVEN version =1.17, =4.1.3, =3.1.1, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.2.7, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.4.0-beta.7 and more Source cves: CVE-2022-30126 Source advisory: OSV:GHSA-RPJM-422R-95MH...
[SECURITY] Fedora 36 Update: golang-k8s-kube-openapi-0-0.20.20210813git3c81807.fc36
Kubernetes OpenAPI spec generation & serving...
ai.idylnlp:idylnlp-dl4j (>=1.0.0 <=1.1.0), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +742 more potentially affected by CVE-2021-23792 via com.twelvemonkeys.imageio:imageio-metadata (>=3.0 <=3.7.0)
com.twelvemonkeys.imageio:imageio-metadata MAVEN version =3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 - ai.konduit.serving:konduit-serving-gpu-nano =0.1.0 and more Source cves: CVE-2021-23792 Source advisory: OSV:GHSA-PJCH-4G28-FXX7...
ai.konduit.serving:konduit-serving-api (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-cli (>=0.0.2 <=0.3.0) +1764 more potentially affected by CVE-2019-17640 via io.vertx:vertx-web (>=3.0.0 <=3.9.3)
io.vertx:vertx-web MAVEN version =3.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =19.9.0, =22.3.2 and more Source cves: CVE-2019-17640 Source advisory: OSV:GHSA-VJW7-6GFQ-6WF5...
DEBIAN-CVE-2021-44543
An XSS vulnerability was found in Privoxy which was fixed in cgierrornotemplate by encoding the template name when Privoxy is configured to serve the user-manual itself...
Open5GS Input Validation Error Vulnerability
Open5GS is a C open source implementation of 5G Core and EPC, the core network of the LTE/NR network. Open5GS has a security vulnerability that can be exploited by an attacker to cause SGW-U/UPF to crash...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal if an unintended user is able to gain access to the diagnostic route, which may lead to information disclosure. Note: This only applies when MessageBus::Diagnostics is enabled; it is not enabled by default. Details A...
ai.idylnlp:idylnlp-dl4j (>=1.0.0 <=1.1.0), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +742 more potentially affected by CVE-2021-23792 via com.twelvemonkeys.imageio:imageio-metadata (>=3.0 <=3.7.0)
com.twelvemonkeys.imageio:imageio-metadata MAVEN version =3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 - ai.konduit.serving:konduit-serving-gpu-nano =0.1.0 and more Source cves: CVE-2021-23792 Source advisory: SNYK:JAVA-COMTWELVEMONKEYSIMAGEIO-231676...
DEBIAN-CVE-2021-43172
NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of anoth...
CVE-2021-37668
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...