ALPINE-CVE-2020-8231
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data...
UBUNTU-CVE-2020-26415
Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab =12.2 to =13.5 to =13.6 to 13.6.2...
PT-2020-16417 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.4.x through 13.4.7; GitLab versions 13.5 through 13.5.5; GitLab versions 13.6 through 13.6.2. Description: A potential DoS issue was discovered in GitLab. It can be triggered by using a specific query name for a project search...
azureml-designer-recommender-modules (>=0.0.1 <=0.0.9), koncept (=0.2.1) +10 more potentially affected by CVE-2020-26266 via tensorflow-gpu (>=2.0.0 <=2.0.3)
tensorflow-gpu PYPI version =2.0.0, =0.0.1, =0.0.9 - koncept =0.2.1 - monk-cuda100 =0.0.1 - monk-cuda100-test =0.0.1 - monk-cuda101 =0.0.1 - monk-cuda101-test =0.0.1 - monk-keras-cuda100 =0.0.1 - monk-keras-cuda100-test =0.0.1 - monk-keras-cuda101 =0.0.1 - monk-keras-cuda101-test =0.0.1 -...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +245 more potentially affected by CVE-2020-26267 via tensorflow (>=1.0.1 <=1.15.4)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-26267 Source advisory: OSV:PYSEC-2020-140...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +245 more potentially affected by CVE-2020-26270 via tensorflow (>=1.0.1 <=1.15.4)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-26270 Source advisory: OSV:PYSEC-2020-256...
ai4bharat-transliteration (>=1.1.0 <=1.1.3), aipack (>=0.0.1 <=0.0.5) +53 more potentially affected by CVE-2020-26266 via tensorflow (>=2.0.0 <=2.0.3)
tensorflow PYPI version =2.0.0, =1.1.0, =0.0.1, =0.1.3.2, =0.2.6, =0.2.0, =0.0.2, =1.0.0.1, =0.0.1, =1.0.4, =0.6.0.post3, =0.1.3, =1.0.0, =1.0.1 and more Source cves: CVE-2020-26266 Source advisory: OSV:PYSEC-2020-254...
azureml-designer-recommender-modules (>=0.0.1 <=0.0.9), koncept (=0.2.1) +10 more potentially affected by CVE-2020-26271 via tensorflow-gpu (>=2.0.0 <=2.0.3)
tensorflow-gpu PYPI version =2.0.0, =0.0.1, =0.0.9 - koncept =0.2.1 - monk-cuda100 =0.0.1 - monk-cuda100-test =0.0.1 - monk-cuda101 =0.0.1 - monk-cuda101-test =0.0.1 - monk-keras-cuda100 =0.0.1 - monk-keras-cuda100-test =0.0.1 - monk-keras-cuda101 =0.0.1 - monk-keras-cuda101-test =0.0.1 -...
aglvq (=1.0.0), beacon-trellis (=0.1.0) +64 more potentially affected by CVE-2020-26267 via tensorflow (>=2.1.0 <=2.1.2)
tensorflow PYPI version =2.1.0, =3.0.0, =0.0.1, =0.2.0, =0.0.2, =0.1.0, =1.1.0, =0.2.0rc1, =0.2.0rc3 and more Source cves: CVE-2020-26267 Source advisory: OSV:GHSA-C9F3-9WFR-WGH7...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +49 more potentially affected by CVE-2020-26266 via tensorflow-gpu (>=1.10.1 <=1.15.4)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.1.0, =0.1.0, =1.0.0, =0.2.3, =0.0.1, =0.0.7, =0.2.0 - keras-textclassification =0.1.6 and more Source cves: CVE-2020-26266 Source advisory: OSV:GHSA-QHXX-J73R-QPM2...
CVE-2020-8286
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...
HashiCorp Consul Docker images security vulnerability
HashiCorp Consul is a suite of distributed, highly available, data center-aware solutions from the US company HashiCorp. The product is used to connect and provision applications across dynamically distributed infrastructures. A security vulnerability exists in HashiCorp official Consul...
adi (>=0.4.0 <=0.6.0), adi_screen (>=0.3.0 <=0.7.0) +167 more potentially affected by CVE-2020-35923 via ordered-float (>=0.2.3 <=1.0.2)
ordered-float CARGO version =0.2.3, =0.4.0, =0.3.0, =0.7.5, =0.6.0, =0.1.0, =0.1.0, =0.1.1, =0.2.0, =3.1.3, =0.1.1, =0.9.0, =0.23.0 and more Source cves: CVE-2020-35923 Source advisory: OSV:RUSTSEC-2020-0082...
PT-2020-17157 · Genivia · Dlt-Daemon
Name of the Vulnerable Software and Affected Versions: dlt-daemon versions 2.8.5 through 2.18.5. Description: A buffer overflow in the dlt_filter_load function in dlt_common.c allows arbitrary code execution because fscanf is misused, with no limit on the number of characters to be read in the...
WESEEK GROWI Cross-Site Scripting Vulnerability
WESEEK GROWI is a suite of team collaboration software from the Japanese company WESEEK. A cross-site scripting vulnerability exists in GROWI versions 3.0.2 through 3.8.1. The vulnerability stems from a failure to adequately validate user-supplied data during the processing of a POS...
tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...
HashiCorp Consul Security Breach
HashiCorp Consul is a suite of distributed, highly available, data center-aware solutions from the US company HashiCorp. The product is used to connect and provision applications across a dynamically distributed infrastructure. A security vulnerability exists in HashiCorp Consul and Consu...
PT-2020-13496 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.14 through 13.3.8; GitLab CE/EE versions 13.4 through 13.4.4; GitLab CE/EE versions 13.5 through 13.5.1. Description: An issue has been discovered in GitLab CE/EE that affects all versions starting from 8.14. A path...
CVE-2020-13351
Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are =13.0, =13.4.0, =13.5.0, 13.5.2...
@across-ui/example (>=0.0.1-alpha.4 <=0.0.4-alpha.5), @agreejs/api (>=0.0.1 <=3.2.14) +752 more potentially affected by CVE-2021-23337 via lodash-es (>=4.0.0 <=4.17.20)
lodash-es NPM version =4.0.0, =0.0.1-alpha.4, =0.0.1, =0.0.2, =3.2.1, =3.2.1, =3.2.1, =0.0.1, =3.2.1, =3.2.1, =0.1.0, =0.3.14, =0.4.63, =0.4.64 and more Source cves: CVE-2021-23337 Source advisory: SNYK:JS-LODASHES-2434284...