Lucene search
K

13 matches found

Snyk
Snyk
added 2025/12/02 6:35 a.m.3 views

Cross-site Request Forgery (CSRF)

Overview label-studio-sso is a Native JWT authentication for Label Studio OSS - simple and secure SSO integration Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to an improper exemption in the JWTSSOSessionAuthentication mechanism that disables CSRF token...

5.1CVSS6.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.5 views

PT-2022-35058 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v3.19 through v6.0.2 Description: The issue is related to some leaks in the probe function of the serial driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.3 views

PT-2022-34976 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: A potential memory leak was identified in the rtw init drv sw function of the rtl8723bs driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.3 views

PT-2022-35120 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 6.0.3 Description: The issue is related to the wifi ath10k driver, specifically with setting tx credit to one for WCN3990 snoc based devices. The actual impact and attack plausibility have not yet been proven...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.5 views

PT-2022-35070 · Xilinx · Xilinx Vipp

Name of the Vulnerable Software and Affected Versions: Xilinx VIPP versions prior to v6.0.3 Description: A refcount leak was discovered in the xvip graph dma init function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in Linux Kernel version v4.1 a...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.2 views

PT-2022-35118 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: A potential security issue exists due to a use-after-free condition in the mac80211 component of the wifi functionality. The actual impact and attack plausibility have not yet been proven...

7.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.2 views

PT-2022-35050 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to a null pointer reference in the arch prepare kprobe function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.5 views

PT-2022-35048 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 3.16 through 6.0.2 Description: The issue is related to a reference leak in the of dra7 atl clk probe function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versio...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.1 views

PT-2022-35167 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns the RISC-V port I/O string accessors in the Linux Kernel. It has been identified as a potential security vulnerability, although its actual impact and attack plausibility...

7.3AI score
Exploits0References1
Snyk
Snyk
added 2022/10/18 9:46 p.m.2 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm to version 6.0.3 or higher. References - Dotnet Announcement -...

8.8CVSS7.6AI score0.01556EPSS
Exploits0References2
Snyk
Snyk
added 2022/10/18 9:46 p.m.6 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm64 to version 6.0.3 or higher. References - Dotnet Announcement - Dotnet Issue -...

8.8CVSS7.6AI score0.01556EPSS
Exploits0References2
Snyk
Snyk
added 2022/10/18 9:46 p.m.3 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64 to version 6.0.3 or higher. References - Dotnet Announcement -...

8.8CVSS7.5AI score0.01556EPSS
Exploits0References2
OSV
OSV
added 2020/03/31 3:59 p.m.4 views

GHSA-6C8F-QPHG-QJGP Validation Bypass in kind-of

Versions of kind-of 6.x prior to 6.0.3 are vulnerable to a Validation Bypass. A maliciously crafted object can alter the result of the type check, allowing attackers to bypass the type checking validation. Recommendation Upgrade to versions 6.0.3 or later...

7.5CVSS6.8AI score0.02278EPSS
Exploits1References6
Rows per page
Query Builder