1269 matches found

OSV
added 2020/05/12 12:45 a.m., 16 views

GHSA-4W97-57V2-3W44 False-negative validation results in MINT transactions with invalid baton

Impact: Users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Patches: npm package slp-validate has been patched and...

CVSS 8.6, AI score 8.5, EPSS 0.01036
Exploits: 0, References: 4
Cvelist
added 2020/05/12 12:45 a.m., 27 views

CVE-2020-11072 False-negative validation results in MINT transactions with invalid baton

In SLP Validate npm package slp-validate before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Th...

CVSS 8.6, AI score 8.6, EPSS 0.01036
Exploits: 0, References: 2
CVE
added 2020/05/12 12:45 a.m., 74 views

CVE-2020-11072

In CVE-2020-11072, the npm package slp-validate (before version 1.2.1) could produce false-negative validation outcomes for MINT transactions, enabling a poorly implemented SLP wallet to spend affected tokens and destroy a user’s minting baton. The issue is fixed in slp-validate version 1.2.1. A ...

CVSS 8.6, AI score 8.4, EPSS 0.01036
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2020/05/12 12:0 a.m., 10 views

Unspecified vulnerability in slp-validate

slp-validate is a lightweight SLP (Simple Ledger Protocol) validator with features such as pre-broadcast validation and burn protection. slpjs is a JavaScript library for validating and building Simple Ledger Protocol (SLP). A security vulnerability exists in versions of slp-validate prior to 1.2.1,...

CVSS 8.6, AI score 6.7, EPSS 0.01036
Exploits: 0, References: 1
Tenable Nessus
added 2020/04/29 12:0 a.m., 62 views

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4345-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4345-1 advisory. Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondar...

CVSS 7.5, AI score 7.5, EPSS 0.0415
Exploits: 2, References: 10
Github Security Blog
added 2020/04/03 3:23 p.m., 111 views

Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting')

Impact: Cross Site Scripting, Cache Poisoning, Page Hijacking. Patches: This was fixed in version 2.2.1. Workarounds: If you are unable to update, ensure that user supplied data isn't able to flow to HTTP headers. If it does, pre-sanitize for CRLF characters. References: CWE-113: Improper...

CVSS 9.8, AI score 0.1, EPSS 0.01563
Exploits: 1, References: 5, Affected Software: 1
OpenVAS
added 2020/03/27 12:0 a.m., 6 views

ZSQL: Check for users with GRANT ANY PRIVILEGE permission

Searches for users with GRANT ANY PRIVILEGE permission and checks whether they are authorized to have it. Users with this permission can grant any permission to any user. Therefore, grant this permission only when absolutely necessary. Copyright C 2020 Greenbone Networks GmbH Some text descriptio...

AI score 7.3
Exploits: 0, References: 1
Microsoft KB
added 2020/03/10 7:0 a.m., 52 views

Cumulative Update 10 for Microsoft Dynamics 365 Business Central April'19 on-premises (Application Build 14.11.41204, Platform Build 14.0.41143)

Cumulative Update 10 for Microsoft Dynamics 365 Business Central April'19 on-premises (Application Build 14.11.41204, Platform Build 14.0.41143). This article applies to Microsoft Dynamics 365 Business Central Spring 2019 Update on-premises deployments for all countries and all language locales. A...

CVSS 8, AI score 8.7, EPSS 0.10838
Exploits: 0
UbuntuCve
added 2020/02/18 3:15 p.m., 29 views

CVE-2014-4967

Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a...

CVSS 9.8, AI score 7.4, EPSS 0.03434
Exploits: 0, References: 3
OSV
added 2020/02/18 3:15 p.m., 1 views

UBUNTU-CVE-2014-4967

Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a...

CVSS 9.8, AI score 7.5, EPSS 0.03434
Exploits: 0, References: 4
Veracode
added 2020/01/23 3:8 a.m., 15 views

Information Disclosure

schema-inspector is vulnerable to information disclosure. The vulnerability exists as the sanitize and validate functions can be bypassed, causing object's prototype properties to be enumerable...

CVSS 9.8, AI score 1.6, EPSS 0.01392
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2020/01/22 2:15 p.m., 11 views

CVE-2019-10781

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2
NVD
added 2020/01/22 2:15 p.m., 18 views

CVE-2019-10781

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...

CVSS 9.8, AI score 9.4, EPSS 0.01392
Exploits: 0, References: 2
Prion
added 2020/01/22 2:15 p.m., 15 views

Code injection

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...

CVSS 7.5, AI score 9.4, EPSS 0.01392
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2020/01/22 1:40 p.m., 59 views

CVE-2019-10781

Schema-inspector (JS package) is affected by CVE-2019-10781 through versions before 1.6.9. A specially crafted JavaScript object can bypass sanitize() and validate(), enabling information exposure and potential property tampering. The root cause is the bypass of input sanitisation/validation with...

CVSS 9.8, AI score 9.3, EPSS 0.01392
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2020/01/22 1:40 p.m., 28 views

CVE-2019-10781

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...

AI score 9.5, EPSS 0.01392
Exploits: 0, References: 2
OSV
added 2020/01/21 11:15 p.m., 0 views

UBUNTU-CVE-2019-20388

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak...

CVSS 7.5, AI score 6.8, EPSS 0.04387
Exploits: 0, References: 4
Prion
added 2020/01/21 7:15 a.m., 14 views

Heap overflow

Potential use-after-free heap error during Validate/Present calls on display HW composer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909...

CVSS 7.2, AI score 8.4, EPSS 0.00202
Exploits: 0, References: 1
CVE
added 2020/01/21 6:30 a.m., 96 views

CVE-2019-10602

CVE-2019-10602 affects Qualcomm display components (display HW composer) on Snapdragon platforms (APQ8053, APQ8096AU/APQ8098, MDM9…/MSM89xx, SDM845, SM8150, etc.). Description: potential use-after-free heap error during Validate/Present calls in the display HW composer, leading to local impact wi...

CVSS 7.8, AI score 8.3, EPSS 0.00202
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2019/12/30 8:15 p.m., 28 views

CVE-2019-19032

XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload...

CVSS 8.1, AI score 8.1, EPSS 0.04512
Exploits: 5, References: 2