4 matches found
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verify process. An attacker can cause trust confusion by submitting a commit object with duplicate tree headers, resulting in different interpretations between git-core and go-git,...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions when using the Jaeger UI Monitor tab on OpenShift. A user with create permissions on TempoStack and get permissions on a namespaced Secret can read the token of the Tempo service account and subsequently...
CVE-2021-36151
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions = 0.15.0. Users should update to version 0.16.0 which addresses this issue...
Use of Uninitialized Resource
Overview fuser is a Filesystem in Userspace FUSE for Rust Affected versions of this package are vulnerable to Use of Uninitialized Resource in the fusesessionnew process when the operation list argument is incorrectly passed as NULL. An attacker can cause uninitialized memory to be read and leake...