9420 matches found
GHSA-CWX2-736X-MF6W Prototype pollution in object-path
Impact A prototype pollution vulnerability has been found in object-path = 0.11.0 is used, which has to be explicitly enabled by creating a new instance of object-path and setting the option includeInheritedProps: true, or by using the default withInheritedProps instance. The default operating mo...
nodejs-dot-prop: prototype pollution
A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or __proto__ paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...
Dell EMC NetWorker Incorrect Privilege Assignment Vulnerability
Dell EMC NetWorker is a suite of unified backup and recovery software from Dell USA. The software provides backup and recovery, deduplication elimination, backup reporting and other features. A security vulnerability exists in Dell EMC NetWorker versions prior to 19.3.0.2 that stems from a failur...
PT-2020-6065 · Object Path +2 · Object-Path +2
Name of the Vulnerable Software and Affected Versions: object-path versions = 0.11.0...
PT-2020-13802 · Apache · Apache Solr
Name of the Vulnerable Software and Affected Versions: Apache Solr versions 6.6.0 through 6.6.6 Apache Solr versions 7.0.0 through 7.7.3 Apache Solr versions 8.0.0 through 8.6.2 Description: The issue prevents some features considered dangerous, which could be used for remote code execution, to b...
DEBIAN-CVE-2020-26880
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable...
CVE-2020-7737
All versions of package safetydance are vulnerable to Prototype Pollution via the set function...
CVE-2020-7736
The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function...
CVE-2020-7737 Prototype Pollution
All versions of package safetydance are vulnerable to Prototype Pollution via the set function...
CVE-2020-7736 Prototype Pollution
The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function...
PT-2020-19753 · Bmoor · Bmoor
Name of the Vulnerable Software and Affected Versions: bmoor versions prior to 0.8.12 Description: The issue concerns Prototype Pollution via the set function. Recommendations: For versions prior to 0.8.12, update to version 0.8.12 or later to resolve the issue...
PT-2020-19754 · Unknown · Safetydance
Name of the Vulnerable Software and Affected Versions: safetydance versions all Description: The issue concerns Prototype Pollution via the set function. This affects all versions of the package, allowing for potential manipulation of object properties. Recommendations: For all versions, consider...
CVE-2020-15228
In the @actions/core npm module before version 1.2.6, addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment...
Design/Logic Flaw
In the @actions/core npm module before version 1.2.6, addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment...
kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
A stack buffer overflow issue was found in the get_raw_socket routine of the Host kernel accelerator for virtio net (vhost-net) driver. It could occur while doing an ioctl(VHOST_NET_SET_BACKEND) call, and retrieving socket name in a kernel stack variable via get_raw_socket. A user able to perform ioctl(2) cal...
freerdp: stream out-of-bounds seek in rdp_read_font_capability_set could lead to out-of-bounds read
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0...
aglvq (=1.0.0), beacon-trellis (=0.1.0) +64 more potentially affected by CVE-2020-15205 via tensorflow (=2.1.0)
tensorflow PYPI version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - aglvq =1.0.0 - beacon-trellis =0.1.0 - biobb-ml =3.0.0, =0.0.1, =0.2.0, =0.0.2, =0.1.0, =1.1.0, =0.2.0rc1, =0.2.0rc3 and more Source cves:...
aglvq (=1.0.0), beacon-trellis (=0.1.0) +64 more potentially affected by CVE-2020-15211 via tensorflow (=2.1.0)
tensorflow PYPI version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - aglvq =1.0.0 - beacon-trellis =0.1.0 - biobb-ml =3.0.0, =0.0.1, =0.2.0, =0.0.2, =0.1.0, =1.1.0, =0.2.0rc1, =0.2.0rc3 and more Source cves:...
aglvq (=1.0.0), beacon-trellis (=0.1.0) +64 more potentially affected by CVE-2020-15207 via tensorflow (=2.1.0)
tensorflow PYPI version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - aglvq =1.0.0 - beacon-trellis =0.1.0 - biobb-ml =3.0.0, =0.0.1, =0.2.0, =0.0.2, =0.1.0, =1.1.0, =0.2.0rc1, =0.2.0rc3 and more Source cves:...
[SECURITY] Fedora 33 Update: mysql-connector-java-8.0.21-1.fc33
MySQL Connector/J is a native Java driver that converts JDBC (Java Database Connectivity) calls into the network protocol used by the MySQL database. It lets developers working with the Java programming language easily build programs and applets that interact with MySQL and connect all corporate...