10 matches found
EUVD-2023-0438
Malicious code in bioql PyPI...
GHSA-C653-6HHG-9X92 go-ipld-prime/codec/json may panic if asked to encode bytes
go-ipld-prime is a series of Go interfaces for manipulating IPLD data and a Go module that contains the go-ipld-prime/codec/json codec. Impact: Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON encoder which will panic as it doesn't expect to receive Bytes tokens...
CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...
Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability
Withdrawn: This advisory has been withdrawn because the CVE has been disputed and the underlying vulnerability is likely invalid. This link is maintained to preserve external references. According to maintainers of Fat Free CRM, the CRM comment feature allows certain HTML markup, but sanitizes the...
GHSA-GMG5-R3C4-3FM9 Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability
Withdrawn: This advisory has been withdrawn because the CVE has been disputed and the underlying vulnerability is likely invalid. This link is maintained to preserve external references. According to maintainers of Fat Free CRM, the CRM comment feature allows certain HTML markup, but sanitizes the...
Fat Free CRM Cross-site Scripting vulnerability
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI...
RUSTSEC-2022-0046 Out-of-bounds read when opening multiple column families with TTL
Affected versions of this crate called the RocksDB C API rocksdb_open_column_families_with_ttl with a pointer to a single integer TTL value, but one TTL value for each column family is expected. This is only relevant when using rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl with multiple column...
Out-of-bounds read when opening multiple column families with TTL
Affected versions of this crate called the RocksDB C API rocksdb_open_column_families_with_ttl with a pointer to a single integer TTL value, but one TTL value for each column family is expected. This is only relevant when using rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl with multiple column...
Flux2 Code Injection Vulnerability
Flux2 is a tool from the Cloud Native Computing Foundation to keep Kubernetes clusters synchronized with their configuration sources. A security vulnerability exists in Flux2 prior to v0.29.0, Flux2 helm-controller prior to v0.19.0, and Flux2 kustomize-controller prior to v0.23.0, which stems fro...
CVE-2019-10226
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is an XSS protection...