4564 matches found
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.10.0 <=3.16.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.10.0 <=3.16.0) +1 more potentially affected by CVE-2017-4991 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.10.0 <=3.16.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.10.0, =3.10.0, =3.10.0, =3.10.0, =3.16.0 Source cves: CVE-2017-4991 Source advisory: OSV:GHSA-CGRG-X34R-78F3...
com.amazonaws.s3:jets3t (=0.5.0), com.cloudbees.cd.plugins.specs:com.cloudbees.cd.plugins.specs.gradle.plugin (>=1.1.10.11 <=1.1.10.29) +143 more potentially affected by CVE-2014-3004 via castor:castor (>=0.9.4 <=1.0)
castor:castor MAVEN version =0.9.4, =1.1.10.11, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.1.1 - geronimo:j2ee-security =1.0 - geronimo:javamail =1.0 - geronimo:jetty =1.0 and more Source cves: CVE-2014-3004 Source advisory: OSV:GHSA-JWWR-FJGH-CV2X...
com.aerse:gcless (=11.2), com.aerse:spring-security-taglib (=1.1) +344 more potentially affected by CVE-2014-0097 via org.springframework.security:spring-security-core (>=3.2.0.RELEASE <=3.2.1.RELEASE)
org.springframework.security:spring-security-core MAVEN version =3.2.0.RELEASE, =3.3.2, =1.0.6, =1.0.1, =0.0.1, =1.0.0, =1.0.0, =1.8.2, =1.8.3 and more Source cves: CVE-2014-0097 Source advisory: OSV:GHSA-GV9V-C375-HVMG...
Python Cryptographic Issue Vulnerability
pyjwt is a Python library by the individual developer José Padilla in the United States. It allows encoding and decoding of JSON Web Tokens (JWT). A cryptographic issue vulnerability exists in pyjwt versions 1.5.0 - 2.3.0, which stems from the use of a corrupted or risky cryptographic algorithm. A...
PT-2022-13879 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.6 through 14.8.5 GitLab versions 14.9 through 14.9.3 GitLab versions 14.10 through 14.10.0 Description: An issue has been discovered in GitLab where the platform was not correctly authenticating a user who had a certain...
CVE-2022-24422
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console...
CVE-2022-30239
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971...
AgileBits 1Password Security Vulnerability
AgileBits 1Password For Mac is a password management software from AgileBits Canada. It is used to store a variety of different passwords. A security vulnerability exists in 1Password version 7.2.4 through versions prior to 7.9.3, which stems from the vulnerability of passwords to process...
com.apitrary:apitrary-api-client (=0.1), com.apitrary:apitrary-orm-core (=0.1) +88 more potentially affected by CVE-2013-0239 via org.apache.cxf:cxf-rt-frontend-jaxrs (>=2.6.0 <=2.6.5)
org.apache.cxf:cxf-rt-frontend-jaxrs MAVEN version =2.6.0, =0.0.2, =1.0.0, =1.0.0, =1.0.3, =1.0.M1, =1.0.M1, =1.0.M2, =1.0.0, =1.0.0, =1.0.6 and more Source cves: CVE-2013-0239 Source advisory: OSV:GHSA-P5C5-6564-VVR8...
alignak-webui (>=0.11.1 <=0.12.2), candig-ingest (>=1.3.1 <=1.5.0) +4 more potentially affected by CVE-2013-7489 via beaker (>=1.10.0 <=1.11.0)
beaker PYPI version =1.10.0, =0.11.1, =1.3.1, =1.2.3, =0.1.0, =1.0.0, =1.0.1, =1.0.5 Source cves: CVE-2013-7489 Source advisory: OSV:GHSA-3CWM-7JMM-774W...
PT-2022-19662 · Schedmd +2 · Schedmd Slurm +2
Name of the Vulnerable Software and Affected Versions: SchedMD Slurm versions 20.11.x through 21.08.x Description: The issue is related to Incorrect Access Control, which can lead to Escalation of Privileges. Recommendations: For SchedMD Slurm versions 20.11.x through 21.08.x, update to a version...
CVE-2022-20803
A vulnerability in the OLE2 file parser of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to incorrect use of the realloc function that may result in a...
com.base2services.jenkins:github-sqs-plugin (>=1.0 <=1.5), com.buildcoin.plugins.jenkins:buildcoin-plugin (>=1.0 <=1.4) +162 more potentially affected by CVE-2012-0324 via org.jenkins-ci.main:jenkins-core (>=1.425 <=1.453)
org.jenkins-ci.main:jenkins-core MAVEN version =1.425, =1.0, =1.0, =1.1, =1.02.03, =2.0.1, =1.0.0, =0.3.2, =1.7, =1.1, =1.0, =1.3 and more Source cves: CVE-2012-0324 Source advisory: OSV:GHSA-4W4H-8QH9-342X...
5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2022-25349 via materialize-css (>=0.100.2 <=1.0.0)
materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2022-25349 Source advisory: OSV:GHSA-7JVX-F994-RFW2...
GitLab Input Validation Error Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. An input validation error vulnerability exists in Gitlab Community Edition...
ch.qos.logback:logback-access (>=${parent.version} <=0.8), ch.qos.logback:logback-examples (>=0.6 <=0.8) +933 more potentially affected by CVE-2009-4611 via org.mortbay.jetty:jetty (>=6.0.0 <=6.1.22)
org.mortbay.jetty:jetty MAVEN version =6.0.0, =$parent.version, =0.6, =0.1.0, =0.2.2, =2.8.1, =3.4.0, =4.2.0, =1.4.42g, =4.2.1, =4.3.0, =4.3.0, =4.2.1, =4.5.1 and more Source cves: CVE-2009-4611 Source advisory: OSV:GHSA-6JXP-7G74-2RC3...
@2dine/framework-ui (>=1.0.4 <=2.1.91), @7h3laughingman/pf2e-helpers (>=7.10.0 <=8.1.0) +73 more potentially affected by CVE-2022-25854 via @yaireo/tagify (>=2.31.6 <=4.37.1)
@yaireo/tagify NPM version =2.31.6, =1.0.4, =7.10.0, =7.10.0, =1.0.18-beta.23, =1.0.0, =1.3.5-beta.744, =2.1.0, =0.0.1, =1.0.0, =1.0.9, =1.0.1, =1.2.42, =1.0.0, =0.8.0, =5.0.3 and more Source cves: CVE-2022-25854 Source advisory: OSV:GHSA-PXPF-V376-7XX5...
Apache NiFi Code Issue Vulnerability
Apache NiFi is a data processing and distribution system from the Apache Foundation in the United States. The system is primarily used for data routing, transformation, and system brokerage logic. A security vulnerability in Apache NiFi versions 0.0.1 through 1.16.0 stems from multiple components...
acmev02 (=0.1.0), adventure-rusoto-ecs (=0.4.0) +410 more potentially affected by unknown CVE via rusoto_credential (>=0.41.1 <=0.48.0)
rusoto_credential CARGO version =0.41.1, =0.3.5, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.3.0 - aws-instance =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0071...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +298 more potentially affected by CVE-2012-1592 via org.apache.struts:struts2-core (>=2.0.11 <=2.5.20)
org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2012-1592 Source advisory: OSV:GHSA-8M5Q-CRQQ-6PMF...