
25 matches found

OSV
added 2024/05/14 3:36 p.m., 13 views

CVE-2024-32617

HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c)...

8.8 CVSS, 6.9 AI score
Exploits 0, References 1
Code423n4
added 2023/11/29 12:0 a.m., 6 views

Unsafe use of approve() with IERC20

Lines of code 321, 215, 184, 450, 761, 217, 157, 234, 339, 386 https://github.com/Tapioca-DAO/t...

7.3 AI score
Exploits 0
SUSE CVE
added 2023/02/15 4:1 a.m., 2 views

SUSE CVE-2020-8036

The tok2strbuf function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way...

7.5 CVSS, 8.8 AI score, 0.00435 EPSS
Exploits 0, References 3
Prion
added 2022/10/25 5:15 p.m., 11 views

Command injection

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This...

7.5 CVSS, 10 AI score, 0.04775 EPSS
Exploits 1, References 1, Affected Software 1
NVD
added 2022/07/11 1:15 a.m., 6 views

CVE-2022-31534

The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.3 CVSS, 0.00432 EPSS
Exploits 1, References 1
OSV
added 2022/07/11 1:15 a.m., 8 views

CVE-2022-31539

The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.3 CVSS, 6.9 AI score
Exploits 0, References 1
Prion
added 2022/07/11 1:15 a.m., 10 views

Path traversal

The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

6.4 CVSS, 9.3 AI score, 0.00432 EPSS
Exploits 1, References 1, Affected Software 1
Prion
added 2022/07/11 1:15 a.m., 14 views

Path traversal

The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

6.4 CVSS, 9.3 AI score, 0.00432 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2022/07/11 12:54 a.m., 18 views

CVE-2022-31512

The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.5 AI score, 0.00432 EPSS
Exploits 1, References 1
OSV
added 2021/11/30 10:15 a.m., 9 views

CVE-2021-3726

Vulnerability in title function Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in:...

9.8 CVSS, 6.8 AI score
Exploits 0, References 1
Tenable Nessus
added 2021/11/11 12:0 a.m., 43 views

CentOS 8 : python27:2.7 (CESA-2021:4151)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4151 advisory. - python: Unsafe use of eval on data retrieved via HTTP in the test suite CVE-2020-27619 - python-jinja2: ReDoS vulnerability in the urlize filter...

9.8 CVSS, 7.8 AI score, 0.034 EPSS
Exploits 5, References 8
Mageia
added 2021/10/06 7:41 p.m., 15 views

Updated libss7 packages fix security vulnerability

Unsafe use of strncpy. rhbz1932066...

2.4 AI score
Exploits 0, References 2
CloudLinux
added 2021/09/23 12:55 p.m., 310 views

Fix of CVE: CVE-2018-20852, CVE-2020-8492, CVE-2020-26116, CVE-2020-27619

Add Oracle Linux distribution in platform.py - CVE-2018-20852: Prefix dot in domain for proper subdomain validation - CVE-2020-8492: Python allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client - CVE-2020-26116: http.client allows CRLF injection if...

7.5 CVSS, 2.6 AI score, 0.02954 EPSS
Exploits 3, References 1
Github Security Blog
added 2021/08/25 8:55 p.m., 31 views

Incorrect buffer size calculation in iced-x86

An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely...

9.8 CVSS, 9 AI score, 0.00363 EPSS
Exploits 1, References 5, Affected Software 1
Mageia
added 2021/01/08 3:34 p.m., 30 views

Updated squirrelmail packages fix security vulnerabilities

XSS was discovered in SquirrelMail through 1.4.22. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of for example a NOEMBED,...

6.1 CVSS, 0.6 AI score, 0.00873 EPSS
Exploits 2, References 3
OSV
added 2017/05/23 6:29 p.m., 1 views

DEBIAN-CVE-2017-0373

The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file...

7.3 CVSS, 7.3 AI score, 0.00488 EPSS
Exploits 0, References 1
Mageia
added 2017/01/27 8:30 p.m., 42 views

Updated shadow-utils packages fix security vulnerabilities

It was found that shadow-utils-4.2.1 had a potentially unsafe use of getlogin with the concern that the utmp entry might have a spoofed username associated with a correct uid CVE-2016-6251. It was found that shadow-utils-4.2.1 had an incorrect integer handling problem where it looks like the int...

7.8 CVSS, 1.7 AI score, 0.00096 EPSS
Exploits 0, References 2
Tenable Nessus
added 2016/08/17 12:0 a.m., 33 views

Fedora 24 : pulp / pulp-docker / pulp-ostree / pulp-puppet / pulp-python / etc (2016-4373f7d32a)

2.8.6 is a security and bugfix release. Included in the list of fixed issues in 2.8.5 are two CVEs : - CVE-2016-3696: Leakage of CA key in pulp-qpid-ssl-cfg - CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password and seed Several issues with database migrations are also addressed in this...

7.5 CVSS, 6.8 AI score, 0.00543 EPSS
Exploits 0, References 3
OpenVAS
added 2015/12/16 12:0 a.m., 20 views

Amazon Linux: Security Advisory (ALAS-2015-630)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS, 9.2 AI score, 0.07449 EPSS
Exploits 0, References 2
Tenable Nessus
added 2014/07/09 12:0 a.m., 24 views

SuSE 11.3 Security Update : puppet (SAT Patch Number 9472)

Puppet was updated to fix the following security issues : - Unsafe use of temporary files. CVE-2013-4969 - Arbitrary code execution with required social engineering. CVE-2014-3248 / CVE-2014-3250 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

6.5 CVSS, 7.3 AI score, 0.00259 EPSS
Exploits 2, References 8