4559 matches found
HiddenBytes (=0.1.0), Rust-wasm (=0.1.0) +726 more potentially affected by CVE-2020-35916 via image (>=0.10.4 <=0.23.10)
image CARGO version =0.10.4, =0.1.0, =0.1.0, =0.0.3, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =0.3.0 and more Source cves: CVE-2020-35916 Source advisory: OSV:RUSTSEC-2020-0073...
PT-2020-16961 · Deephas · Deephas
Name of the Vulnerable Software and Affected Versions: deephas versions 1.0.0 through 1.0.5 Description: The issue allows an attacker to cause a denial of service and may lead to remote code execution due to a prototype pollution vulnerability. Recommendations: For deephas versions 1.0.0 through...
PYSEC-2020-26
Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...
Micro Focus Self Service Password Reset Information Disclosure Vulnerability
Micro Focus Self Service Password Reset (SSPR) is a simple, secure, and easy-to-deploy self-service password management tool that helps users reset or re-enable their own network passwords without having to call the help desk. An information disclosure vulnerability exists in Micro Focus Self Servi...
freerdp: out-of-bounds read in bitmap.c
libfreerdp/cache/bitmap.c in FreeRDP versions 1.0 through 2.0.0-rc4 has an Out of bounds read...
httpd: mod_proxy_uwsgi buffer overflow
A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...
Unspecified Vulnerability in Oracle Communications Diameter Signaling Router
Oracle Communications Diameter Signaling Router (DSR) is a signaling router for communications applications from Oracle Corporation. A security vulnerability exists in Oracle Communications Diameter Signaling Router versions 8.0.0.0 through 8.4.0.5, which can be exploited by an attacker to gain...
IBM Spectrum Scale Cross-Site Scripting Vulnerability (CNVD-2020-59701)
IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product helps clients reduce storage costs while improving security and management efficiency in...
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible because a Java object is not blocked from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...
Oracle Banking Payments Information Disclosure Vulnerability (CNVD-2020-64254)
Oracle Banking Payments is a complete payment processing solution. An information disclosure vulnerability exists in the Core component of Oracle Banking Payments versions 14.1.0 through 14.4.0. An attacker could exploit this vulnerability to gain unauthorized access to critical data or full acce...
UBUNTU-CVE-2020-13327
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments...
PT-2020-16658 · Hashicorp · Nomad Enterprise +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 0.9.0 through 0.12.5 Description: The client file sandbox feature in HashiCorp Nomad and Nomad Enterprise can be subverted using either the template or artifact stanzas. This issue is related to a...
CVE-2020-14824
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2020-4755
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +754 more potentially affected by CVE-2020-8929 via com.google.crypto.tink:tink (>=1.0.0 <=1.4.0)
com.google.crypto.tink:tink MAVEN version =1.0.0, =1.1.0, =1.1.0, =1.3.0-alpha07, =1.3.0-alpha07, =2.4.0, =2.4.0, =2.3.1, =0.1.0, =0.1.3-20210127.1838-76ab4fc, =0.1.0, =0.1.3-20200811-2e41939 and more Source cves: CVE-2020-8929 Source advisory: OSV:GHSA-G5VF-V6WF-7W2R...
CVE-2020-7811
Samsung Update 3.0.2.0 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by an attacker are executed while the engine deserializes the data received during inter-process communication...
alcali (>=2018.3.1 <=3000.1.0), atlantisbot-api (>=0.1.0 <=0.1.1) +131 more potentially affected by CVE-2020-25626 via djangorestframework (>=2.3.13 <=3.11.1)
djangorestframework PYPI version =2.3.13, =2018.3.1, =0.1.0, =3.5.34, =0.0.1, =0.0.1, =5.2.1, =0.3.1, =1.0.1, =0.0.1, =0.4.0, =0.0.1, =0.3.0b2, =0.7.0 and more Source cves: CVE-2020-25626 Source advisory: OSV:PYSEC-2020-263...
0lever-utils (>=0.0.2 <=0.0.7), 2keys (=0.5.1) +3794 more potentially affected by CVE-2020-26137 via urllib3 (>=1.10.2 <=1.25.8)
urllib3 PYPI version =1.10.2, =0.0.2, =0.1.0, =0.2.0rc1, =1.0.2, =0.3.4, =0.4.6, =0.1.0, =0.5.6, =1.4.0, =1.0.0, =1.2.8 and more Source cves: CVE-2020-26137 Source advisory: OSV:PYSEC-2020-148...
11x-wagtail-blog (>=0.0.0 <=0.2.0), 2u-enterprise-data (=10.22.1) +1309 more potentially affected by CVE-2020-15225 via django-filter (>=0.9.2 <=2.3.0)
django-filter PYPI version =0.9.2, =0.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.7, =2025.1.0, =3.0.0.dev0, =4.0.0.dev9 and more Source cves: CVE-2020-15225 Source advisory: OSV:GHSA-X7GM-RFGV-W973...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4742 more potentially affected by CVE-2020-15201 via tensorflow (>=1.0.1 <=2.3.0)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-15201 Source advisory: OSV:PYSEC-2020-124...