9 matches found
CVE-2026-10584 HTTPS Fallback to HTTP in Graph Explorer
Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...
Arbitrary Argument Injection
Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via unsanitized volumeHandle and mounttargetip fields. An attacker can inject unauthorized mount options by supplying specially crafted values to these fields when creating a PersistentVolume, resulting in...
Privilege Context Switching Error
Overview Duende.AccessTokenManagement.OpenIdConnect is a .NET library that manages OpenId Connect access tokens in ASP.NET Core applications. Affected versions of this package are vulnerable to Privilege Context Switching Error due to the improper handling of token refresh in pooled HttpClient...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview waitress is a production-quality pure-Python WSGI server with very acceptable performance. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in HTTP pipelining when handling an invalid initial request. An attacker can exploit this...
Missing Release of Resource after Effective Lifetime
Overview waitress is a production-quality pure-Python WSGI server with very acceptable performance. Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime due to the improper handling of socket connections when a remote client prematurely closes t...
PT-2023-9786
Name of the Vulnerable Software and Affected Versions: Waitress versions prior to 3.0.1 Description: The issue is related to the getpeername function in the Waitress WSGI server for Python. When a remote client closes the connection before Waitress has the opportunity to call getpeername, it fail...
Creation of Temporary File in Directory with Insecure Permissions
Overview com.github.samtools:htsjdk is a Java API for high-throughput sequencing data HTS formats Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions. due to the createTempDir function in util/IOUtil.java not checking for the...
PT-2021-4596 · Openexr +4 · Openexr +4
Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.1 Description: The issue is related to an integer overflow leading to a heap-buffer overflow in the DwaCompressor component of OpenEXR. This flaw can be exploited by an attacker to crash an application compiled...
PT-2021-4553 · Openexr +4 · Openexr +4
Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.1 Description: The issue is related to an integer overflow leading to a heap-buffer overflow in the DwaCompressor component of OpenEXR. This flaw can be exploited by an attacker to cause a denial of service,...