
4563 matches found

vulnersOsv
added 2022/02/03 11:15 a.m. · 2 views

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-21730 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-21730 Source advisory: OSV:PYSEC-2022-54...

8.1 CVSS · 7.2 AI score · 0.00803 EPSS
Exploits: 1

CNNVD
added 2022/02/02 12:0 a.m. · 4 views

Capsule8 Console SQL Injection Vulnerability

Capsule Console is a web interface for Capsule8 from Capsule USA, Inc. It is used for event management, sensor configuration, and system analysis. A SQL injection vulnerability exists in Capsule8 Console 4.6.0 and 4.9.1, which arises because an authenticated and authorized proxy user can gain...

8.8 CVSS · 8.2 AI score · 0.00975 EPSS
Exploits: 0 · References: 2

NCSC
added 2022/02/01 12:0 a.m. · 7 views

Vulnerabilities fixed in IBM Cognos Controller

IBM has fixed vulnerabilities in Cognos Controller. The vulnerabilities potentially enable a malicious person to execute attacks that result in the following categories of damage: Denial-of-Service (DoS); manipulation of data; circumvention of security measures; remote code execution; Use...

9.8 CVSS · 9 AI score · 0.06257 EPSS
Exploits: 0

OSV
added 2022/01/28 8:15 p.m. · 2 views

CVE-2021-40338

The Hitachi Energy LinkOne product has a vulnerability due to a web server misconfiguration that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24;...

5.3 CVSS · 5.8 AI score · 0.00659 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2022/01/28 12:0 a.m. · 4 views

PT-2022-8910 · Liferay · Liferay Portal Server

Name of the Vulnerable Software and Affected Versions: Liferay Portal Server versions 7.2.0 GA1 through 7.3.5 GA6
Description: The issue allows an administrator user to inject commands through the Gogo Shell module, enabling the execution of any OS command on the Liferay Portal Server. This is...

9 CVSS · 7.8 AI score · 0.02167 EPSS
Exploits: 0 · References: 7

vulnersOsv
added 2022/01/27 2:4 p.m. · 1 view

@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +40 more potentially affected by CVE-2021-23631 via convert-svg-to-png (>=0.3.3 <=0.5.0)

convert-svg-to-png NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =1.0.3, =0.0.1, =1.4.0, =1.5.0 and more Source cves: CVE-2021-23631 Source advisory: OSV:GHSA-JV7G-9G6Q-CXVW...

7.5 CVSS · 7.1 AI score · 0.01978 EPSS
Exploits: 1

ATTACKERKB
added 2022/01/25 8:15 p.m. · 12 views

CVE-2021-4133

A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled...

8.8 CVSS · 7.5 AI score · 0.01347 EPSS
Exploits: 0 · References: 5

ATTACKERKB
added 2022/01/25 8:15 p.m. · 4 views

CVE-2022-0334

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability...

4.3 CVSS · 6.5 AI score · 0.00732 EPSS
Exploits: 0 · References: 3

vulnersOsv
added 2022/01/25 9:15 a.m. · 2 views

aiohttp-init (=0.0.1), airhttprunner (>=3.1.4 <=3.1.6) +152 more potentially affected by CVE-2022-0338 via loguru (>=0.2.4 <=0.5.2)

loguru PYPI version =0.2.4, =3.1.4, =0.1.5, =0.1.1, =2.0.0, =0.2.3, =4.6.4, =2.3.2, =0.39.0, =0.52.0 and more Source cves: CVE-2022-0338 Source advisory: OSV:PYSEC-2022-14...

4.3 CVSS · 5.8 AI score · 0.00758 EPSS
Exploits: 1

CNNVD
added 2022/01/25 12:0 a.m. · 6 views

Land Software Faust Iserver Path Traversal Vulnerability

Land Software Faust Iserver is used by Land Software Germany to bring Faust, Faust Entry and Lidos databases to the Intranet and Internet. A path traversal vulnerability exists in Land Software FAUST iServer versions 9.0.017.017.1 - 9.0.018.018.4, which stems from a lack of local include...

7.8 CVSS · 7.3 AI score · 0.26823 EPSS
Exploits: 3 · References: 5

Positive Technologies
added 2022/01/25 12:0 a.m. · 6 views

PT-2022-6698 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle versions 3.11 to 3.11.4
Description: A flaw was found in the h5p activity web service of Moodle, which is responsible for fetching user attempt data. This flaw is related to insufficient protection of the SQL query structure, allowing...

9.8 CVSS · 6.7 AI score · 0.44918 EPSS
Exploits: 4 · References: 35

OSV
added 2022/01/21 11:57 p.m. · 2 views

GHSA-QRPM-P2H7-HRV2 Exposure of Sensitive Information to an Unauthorized Actor in nanoid

The package nanoid from 3.0.0 and before 3.1.31 is vulnerable to Information Exposure via the valueOf function, which allows reproducing the last id generated...

5.5 CVSS · 7.2 AI score · 0.0044 EPSS
Exploits: 1 · References: 9

vulnersOsv
added 2022/01/21 11:43 p.m. · 0 views

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.tock:tock-nlp-model-stanford (>=19.9.0 <=22.3.2) +202 more potentially affected by CVE-2022-0239 via edu.stanford.nlp:stanford-corenlp (>=1.2.0 <=4.3.2)

edu.stanford.nlp:stanford-corenlp MAVEN version =1.2.0, =1.3, =19.9.0, =2.09, =2.7.3, =2.7.3, =2.7.3, =2.0.0, =2.0.1, =2.5, =3.0.1 - com.github.hungntbka:htime =1.0 - com.github.jenshaase.uimascala:arktweetpostagger2.11 =0.6.1 - com.github.jenshaase.uimascala:arktweettokenizer2.11 =0.6.1 -...

9.8 CVSS · 6.1 AI score · 0.01217 EPSS
Exploits: 1

vulnersOsv
added 2022/01/19 10:15 p.m. · 0 views

aiida-core (=1.0.0), alerce (>=0.2.2 <=0.2.4) +38 more potentially affected by CVE-2022-21699 via ipython (>=4.1.1 <=6.0.0)

ipython PYPI version =4.1.1, =0.2.2, =0.3.5, =2.0.3, =1.15.2, =2.0.0, =0.2.0, =2.0.0, =0.8.2, =1.0.0b1, =1.1.3.0, =1.0.0.post2, =0.0.7, =0.3.2 and more Source cves: CVE-2022-21699 Source advisory: OSV:PYSEC-2022-12...

8.8 CVSS · 7.2 AI score · 0.00657 EPSS
Exploits: 1

OSV
added 2022/01/19 12:15 p.m. · 2 views

CVE-2022-21359

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Optimization Framework). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSo...

6.1 CVSS · 6.8 AI score
Exploits: 0 · References: 1

OSV
added 2022/01/18 5:15 p.m. · 0 views

UBUNTU-CVE-2022-0093

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds...

4.3 CVSS · 5.7 AI score · 0.00911 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2022/01/18 12:0 a.m. · 4 views

PT-2022-12979 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.0 through 14.4.5; GitLab versions 14.5.0 through 14.5.3; GitLab versions 14.6.0 through 14.6.2
Description: An issue has been discovered in GitLab where it was not verifying that a maintainer of a project had the right access...

4.3 CVSS · 4.2 AI score · 0.00949 EPSS
Exploits: 0 · References: 11

vulnersOsv
added 2022/01/13 12:1 a.m. · 2 views

org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2022-20618 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)

org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2022-20618 Source advisory: OSV:GHSA-W2MH-6XJ5-F77F...

4.3 CVSS · 5.8 AI score · 0.00852 EPSS
Exploits: 0

vulnersOsv
added 2022/01/12 10:51 p.m. · 3 views

cc.jweb:jweb-adai (>=1.0.2 <=1.0.6), cc.jweb:jweb-boot (>=1.0.2 <=1.0.5) +74 more potentially affected by CVE-2021-43297 via org.apache.dubbo:dubbo (>=2.7.0 <=2.7.14)

org.apache.dubbo:dubbo MAVEN version =2.7.0, =1.0.2, =1.0.2, =1.2.1, =1.28.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =0.0.1, =1.0.3, =1.0.3, =1.5.1, =2.0.1, =2.0.11 and more Source cves: CVE-2021-43297 Source advisory: OSV:GHSA-VP5X-3V8R-QPRW...

9.8 CVSS · 7.7 AI score · 0.15313 EPSS
Exploits: 1

vulnersOsv
added 2022/01/12 7:20 p.m. · 2 views

admin-tool-button (>=1.0.1a0 <=1.0.5a0), apis-ampel (=0.1.0) +51 more potentially affected by CVE-2021-45115 via django (>=3.2.0 <=3.2.10)

django PYPI version =3.2.0, =1.0.1a0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =22.0.0.dev30 - autoreduce-utils =0.1.0 - common-framework =2021.4.1 - directory-validators =9.0.0 - django-admin-taggit-ui =0.1.0.dev0 - django-blocklist =1.0.0 - django-brazilian-zipcode =0.1.0 -...

7.5 CVSS · 7 AI score · 0.02397 EPSS
Exploits: 0