4564 matches found
@aws/aws-config-catalog-module-for-backstage (>=0.1.0 <=0.2.0), @backstage-community/backstage-plugin-catalog-backend-module-mta-entity-provider (=0.3.0) +54 more potentially affected by CVE-2023-25571 via @backstage/plugin-catalog-backend (>=0.0.0-nightly-20220708025041 <=1.5.1)
@backstage/plugin-catalog-backend NPM version =0.0.0-nightly-20220708025041, =0.1.0, =0.4.0, =1.7.4, =1.0.3, =0.0.0-nightly-20240116021644, =0.0.0-nightly-20220219022334, =0.0.0-nightly-20220308022132, =0.0.0-nightly-20220311022539, =0.0.0-nightly-20220531024457, =0.0.0-nightly-20220810023539,...
VulnCheck KEV: CVE-2018-1932
IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab CE/EE versions 14.0 through 15.6.7...
@arcblock/gatsby-theme-docs (>=5.7.0 <=7.34.5), @changeinc/components (>=1.0.4 <=1.0.20) +87 more potentially affected by CVE-2021-23433 +1 more via algoliasearch-helper (>=2.13.0 <=2.2.0)
algoliasearch-helper NPM version =2.13.0, =5.7.0, =1.0.4, =1.0.4, =1.0.0, =2.2.1-custom, =0.0.7, =0.1.2, =0.1.4, =0.2.3, =0.2.1, =0.0.1, =2.0.0, =0.0.0, =1.9.0, =1.0.0, =1.4.2 and more Source cves: CVE-2021-23433, CVE-2025-3193 Source advisory: SNYK:JS-ALGOLIASEARCHHELPER-3318396...
0lever-utils (>=0.0.2 <=0.0.7), 0x-web3 (=5.0.0a5) +1531 more potentially affected by CVE-2023-23931 via cryptography (>=1.8.1 <=39.0.0)
cryptography PYPI version =1.8.1, =0.0.2, =0.1.0, =0.5.0rc5, =1.0.0, =2.6.3, =1.0.4, =2.8.1, =0.4.0, =2.0.0, =0.1.1, =0.1.15 and more Source cves: CVE-2023-23931 Source advisory: OSV:PYSEC-2023-11...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.5.11) +108 more potentially affected by CVE-2023-23969 via django (>=3.2.0 <=3.2.16)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =6.2.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =0.1.26, =0.1.27 - botbuilder-applicationinsights =4.14.3 - botbuilder-integration-applicationinsights-aiohttp =4.14.3 and more Source cves: CVE-2023-23969 Source advisory:...
CVE-2023-22283
On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacke...
CVE-2022-45098
Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure...
Atlassian JIRA Data Center Authorization Issue Vulnerability
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian JIRA Server is the server version of a defect tracking management system that is used to track and manage all...
Dell PowerScale OneFS Security Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA Inc. that provides horizontal scale-out NAS. Versions 8.2.0 to 9.3.0 of Dell PowerScale OneFS contain a security vulnerability that could be exploited by a remote, unauthenticated attacker to cause...
-temp-electron-manager-somiibo (=0.0.200), 003-gas-convert (=1.0.1) +20689 more potentially affected by CVE-2022-48285 via jszip (>=0.2.1 <=3.7.1)
jszip NPM version =0.2.1, =0.2.13, =1.0.0, =4.3.4, =1.0.0, =1.0.4 - 3llm =0.0.1 - 3vot-clay =2.0.1 - 4xx =0.0.1 - 5-ifc-check-cli =1.0.0 and more Source cves: CVE-2022-48285 Source advisory: OSV:GHSA-36FH-84J7-CV5H...
GitLab EE Security Vulnerability
GitLab Enterprise Edition (EE) is a content management system from the U.S.-based GitLab, Inc. A security vulnerability exists in GitLab EE versions 13.7 through 15.4.6, 15.5 through 15.5.5, and 15.6 through 15.6.1, which stems from the presence of an information leak...
Eclipse GlassFish Path Traversal Vulnerability
Eclipse GlassFish is an open source application server from the Eclipse Foundation. A security vulnerability exists in Eclipse GlassFish versions 5.1.0 through 6.2.5, which stems from not filtering paths that begin with a specific string...
DEBIAN-CVE-2023-0414
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file...
Devolutions Remote Desktop Manager Security Vulnerability
Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager versions 2022.3.29 to 2022.3.30, which stems from when it switches to offline mode, the forced...
GLPI Security Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
OpenSearch Project Information Disclosure Vulnerability
OpenSearch Project is a community-driven, Apache 2.0 licensed open source search and analytics suite that makes it easy to access, search, visualize and analyze data. An information disclosure vulnerability exists in OpenSearch Project versions 1.0.0 through 1.3.7 and...
Binwalk Path Traversal Vulnerability
Binwalk is a fast, easy-to-use open source tool from ReFirm Labs. It is used to analyze, reverse engineer and extract firmware images. A path traversal vulnerability exists in ReFirm Labs Binwalk versions 2.1.2b through 2.3.2, which stems from the presence of a path traversal that allows an...
@alfresco/adf-testing (=6.0.0-A.2-8258), @core-ui-kit/button (=1.1.8) +49 more potentially affected by CVE-2022-25927 via ua-parser-js (>=0.7.30 <=0.7.32)
ua-parser-js NPM version =0.7.30, =0.1.0, =0.1.5, =0.3.367, =3.34.0, =1.106.0, =1.106.0, =7.5.0 and more Source cves: CVE-2022-25927 Source advisory: OSV:GHSA-FHG7-M89Q-25R3...
DEBIAN-CVE-2022-38725
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...