3 matches found
AZL-52207 CVE-2024-51744 affecting package telegraf for versions less than 1.31.0-7
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
PT-2021-24204 · Knime · Knime Analytics Platform
Name of the Vulnerable Software and Affected Versions: KNIME Analytics Platform versions prior to 4.5.0 Description: The issue concerns an XML external entity (XXE) injection vulnerability. It can be exploited via a crafted workflow file (.knwf). Recommendations: For versions prior to 4.5.0, update t...
PT-2016-5236 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.5 Description: The issue allows local users to cause a denial of service by creating many pipes with non-default sizes, resulting in memory consumption due to the lack of limitation on the amount of unread dat...