12 matches found
Out-of-bounds Read
Overview github.com/shamaton/msgpack/v2/time is a None Affected versions of this package are vulnerable to Out-of-bounds Read. due to improper validation of input in the fixext process. An attacker can cause the application to panic and terminate unexpectedly by sending specially crafted...
Out-of-bounds Read
Overview github.com/shamaton/msgpack/v2/internal/decoding is a Affected versions of this package are vulnerable to Out-of-bounds Read. due to improper validation of input in the fixext process. An attacker can cause the application to panic and terminate unexpectedly by sending specially crafted...
Out-of-bounds Read
Overview github.com/shamaton/msgpack/v2/internal/decoding is a Affected versions of this package are vulnerable to Out-of-bounds Read. via the Unmarshal, UnmarshalAsMap, UnmarshalAsArray, and Marshal functions, which invoke Decode. An attacker can cause a panic with truncated fixext data that...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of JWT authentication middleware and RBAC authorization checks in the routing configuration for /api/v1/jobs endpoint. An attacker can view, update, and delete jobs by sending...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the processing of malicious JSON payloads in the request handling process. An attacker can exhaust system memory and CPU resources by sending specially crafted JSON objects that, when deserialized, consume...
PT-2025-33883
Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.4.1 Description: A security flaw has been discovered in SolidInvoice. The impacted element is an unknown function within the /clients file of the Clients Module. Manipulation of the Name argument results in...
Divide By Zero
Overview Affected versions of this package are vulnerable to Divide By Zero due to the blendtransformedtiledargb.isra.0 function. An attacker can cause the application to crash by triggering a floating point exception. Remediation Upgrade lunasvg to version 2.4.1 or higher. References - GitHub...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write due to a segmentation violation in the compositionsolidsource component. An attacker can cause a denial of service. Remediation Upgrade lunasvg to version 2.4.1 or higher. References - GitHub Issue Credit: keepinggg...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow due to improper handling of certain inputs in the element.h component. An attacker can trigger this vulnerability by supplying specially crafted input to the application. Remediation Upgrade lunasvg to versio...
PT-2022-3256 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.0.0 through 2.4.0 Argo CD versions 2.1.0 through 2.1.15 Argo CD versions 2.2.0 through 2.2.9 Argo CD versions 2.3.0 through 2.3.4 Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The...
PT-2019-18582 · Rukovoditel · Rukovoditel
Name of the Vulnerable Software and Affected Versions: Rukovoditel versions prior to 2.4.1 Description: The issue allows for XSS. Recommendations: For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue...
PT-2012-5410 · Opencryptoki +1 · Opencryptoki +1
Name of the Vulnerable Software and Affected Versions: openCryptoki versions prior to 2.4.1 Description: The issue allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the .pkapi xpk or .pkcs11spinloc file in /tmp. This is possible when using...