13 matches found
in-toto-golang and in-toto-python have inconsistent negation behavior
Impact What kind of vulnerability is it? Who is impacted? in-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support negations in character classes to indicate what should not be matched, but they used different...
EUVD-2025-10405
Malicious code in bioql PyPI...
CVE-2025-32025
The CVE affects the Go library bep/imagemeta used for reading EXIF/IPTC/XMP metadata from JPEG, TIFF, PNG, and WebP. Before v0.11.0, the PNG/WebP metadata parsing allocated buffers unbounded by input type, enabling potentially large memory usage and DoS if provided images aren’t trusted. v0.11.0 ...
Shelly PRO 4PM v0.11.0 - Authentication Bypass
!/bin/bash Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass Google Dork: NA Date: 2nd August 2023 Exploit Author: The Security Team exploitsecurity.io Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability Vendor...
Shelly PRO 4PM v0.11.0 - Authentication Bypass Exploit
!/bin/bash Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass Google Dork: NA Date: 2nd August 2023 Exploit Author: The Security Team exploitsecurity.io Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability Vendor...
GHSA-3W8G-XR3F-2MP8 Out of bounds write in nalgebra
The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 086e6e due to the addition of...
Out of bounds write in nalgebra
The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 086e6e due to the addition of...
VecStorage Deserialize Allows Violation of Length Invariant
The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 086e6e due to the addition of...
RUSTSEC-2021-0070 VecStorage Deserialize Allows Violation of Length Invariant
The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 086e6e due to the addition of...
CVE-2021-27851
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...
Information disclosure
In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...
GHSA-M4FW-77V7-924M Qutebrowser XSS Vulnerability
qutebrowser version introduced in v0.11.0 1179ee7a937fb31414d77d9970bac21095358449 contains a Cross Site Scripting XSS vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be...
PYSEC-2018-26
qutebrowser version introduced in v0.11.0 1179ee7a937fb31414d77d9970bac21095358449 contains a Cross Site Scripting XSS vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be...