6 matches found
Insertion of Sensitive Information Into Sent Data
Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the self.config.asdict function, which returns the entire configuration including sensitive values without filtering for th...
CVE-2023-1571
A vulnerability, which was classified as critical, was found in DataGear up to 4.5.0. This affects an unknown part of the file /analysisProject/pagingQueryData. The manipulation of the argument queryOrder leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
SUSE CVE-2024-51744
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
AZL-52189 CVE-2024-51744 affecting package packer for versions less than 1.9.5-9
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
PT-2023-10809 · Unknown · Devent Globalpom-Utils
Name of the Vulnerable Software and Affected Versions: devent globalpom-utils versions up to 4.5.0 Description: A critical vulnerability has been found in devent globalpom-utils, affecting the createTmpDir function of the FileResourceManagerProvider.java file. This vulnerability leads to insecure...
CVE-2021-43838
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service ReDoS attack. If attacker can put a lot of JSX elements into tag, an internal regular expression for escaping character...