13 matches found
Cross-site Request Forgery (CSRF)
Overview label-studio-sso is a Native JWT authentication for Label Studio OSS - simple and secure SSO integration Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to an improper exemption in the JWTSSOSessionAuthentication mechanism that disables CSRF token...
PT-2022-35058 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v3.19 through v6.0.2 Description: The issue is related to some leaks in the probe function of the serial driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-34976 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: A potential memory leak was identified in the rtw init drv sw function of the rtl8723bs driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
PT-2022-35120 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 6.0.3 Description: The issue is related to the wifi ath10k driver, specifically with setting tx credit to one for WCN3990 snoc based devices. The actual impact and attack plausibility have not yet been proven...
PT-2022-35070 · Xilinx · Xilinx Vipp
Name of the Vulnerable Software and Affected Versions: Xilinx VIPP versions prior to v6.0.3 Description: A refcount leak was discovered in the xvip graph dma init function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in Linux Kernel version v4.1 a...
PT-2022-35118 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: A potential security issue exists due to a use-after-free condition in the mac80211 component of the wifi functionality. The actual impact and attack plausibility have not yet been proven...
PT-2022-35050 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to a null pointer reference in the arch prepare kprobe function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-35048 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 3.16 through 6.0.2 Description: The issue is related to a reference leak in the of dra7 atl clk probe function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versio...
PT-2022-35167 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns the RISC-V port I/O string accessors in the Linux Kernel. It has been identified as a potential security vulnerability, although its actual impact and attack plausibility...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm to version 6.0.3 or higher. References - Dotnet Announcement -...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm64 to version 6.0.3 or higher. References - Dotnet Announcement - Dotnet Issue -...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64 to version 6.0.3 or higher. References - Dotnet Announcement -...
GHSA-6C8F-QPHG-QJGP Validation Bypass in kind-of
Versions of kind-of 6.x prior to 6.0.3 are vulnerable to a Validation Bypass. A maliciously crafted object can alter the result of the type check, allowing attackers to bypass the type checking validation. Recommendation Upgrade to versions 6.0.3 or later...