a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +94 more potentially affected by CVE-2020-15196 via tensorflow-cpu (>=1.15.0 <=2.2.3)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.0.1, =0.3.3 - cemotion-apple =0.0.7 and more Source cves: CVE-2020-15196 Source advisory: OSV:PYSEC-2020-276...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +49 more potentially affected by CVE-2020-15210 via tensorflow-gpu (>=1.10.1 <=1.15.3)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.1.0, =0.1.0, =1.0.0, =0.2.3, =0.0.1, =0.0.7, =0.2.0 - keras-textclassification =0.1.6 and more Source cves: CVE-2020-15210 Source advisory: OSV:PYSEC-2020-325...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4695 more potentially affected by CVE-2020-15193 via tensorflow (>=1.0.1 <=2.2.0)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-15193 Source advisory: OSV:PYSEC-2020-116...

abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +233 more potentially affected by CVE-2020-15206 via tensorflow (>=1.0.1 <=1.15.3)

tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-15206 Source advisory: OSV:GHSA-W5GH-2WR2-PM6G...

Gradle Enterprise Code Issue Vulnerability

Gradle is a set of JVM-based project build tools , it supports maven, Ivy repository and so on. A security vulnerability exists in Gradle Enterprise versions 2018.5 through 2020.2.4. The vulnerability stems from a SAML IDP configuration via upload that has XXE with a generated SSRF.No detailed...

Gradle Enterprise Cross-Site Scripting Vulnerability

Gradle is a set of JVM-based project build tools , it supports maven, Ivy repository and so on. A cross-site scripting vulnerability exists in Gradle Enterprise versions 2020.2 through 2020.2.4. The vulnerability stems from the lack of proper validation of client-side data by the WEB application...

ai.foremast.metrics:foremast-spring-boot-1x-k8s-metrics-starter (>=0.1.6 <=0.1.7), ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.4-SB1X <=0.1.4-SB1X_6) +1217 more potentially affected by CVE-2016-9879 via org.springframework.security:spring-security-core (>=4.0.0.RELEASE <=4.1.3.RELEASE)

org.springframework.security:spring-security-core MAVEN version =4.0.0.RELEASE, =0.1.6, =0.1.4-SB1X, =1.3.1-RELEASE, =0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.6.OSS, =1.0.6.OSS, =1.0.7.OSS, =1.0.8.OSS and more Source cves: CVE-2016-9879 Source advisory: OSV:GHSA-V35C-49J6-Q8HQ...

at.molindo.social:spring-social-security (=1.1.0.RELEASE), cn.jhc:spring-social-qq (>=0.0.2 <=0.0.5) +496 more potentially affected by CVE-2014-3527 via org.springframework.security:spring-security-core (>=3.2.0.RELEASE <=3.2.4.RELEASE)

org.springframework.security:spring-security-core MAVEN version =3.2.0.RELEASE, =0.0.2, =1.0-RELEASE, =1.0.1, =1.1.2, =1.2.0, =1.2.5 and more Source cves: CVE-2014-3527 Source advisory: OSV:GHSA-WMV4-5W76-VP9G...

django-static-compress (=1.0.2), dragg (=0.0.0) +6 more potentially affected by CVE-2020-36846 +1 more via brotli (>=0.6.0 <=1.0.7)

brotli PYPI version =0.6.0, =1.2.3, =0.0.2, =0.0.3 - quart-compress =0.1.0 - vasp-tools =0.1.0 Source cves: CVE-2020-36846, CVE-2020-8927 Source advisory: OSV:PYSEC-2020-29...

@cenk1cenk2/renovate-config (>=1.0.9 <=1.4.15) potentially affected by unknown CVE via renovate (>=21.33.15 <=22.25.6)

renovate NPM version =21.33.15, =1.0.9, =1.4.15 Source cves: unknown CVE Source advisory: OSV:GHSA-36RH-GGPR-J3GJ...

@ieremeev/app (>=3.0.1 <=4.1.1), @meetup/swarm-docs (=0.7.10-beta.0) +7 more potentially affected by unknown CVE via serve (>=10.0.0 <=10.1.1)

serve NPM version =10.0.0, =3.0.1, =0.1.0, =0.0.12, =0.0.0, =0.0.10, =0.0.1, =0.0.10 Source cves: unknown CVE Source advisory: OSV:GHSA-48GC-5J93-5CFQ...

UBUNTU-CVE-2020-24379

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection...

@ist-group/skolid-client-components (>=0.7.0 <=0.10.2) potentially affected by unknown CVE via personnummer (=2.1.1)

personnummer NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on personnummer and may be impacted: - @ist-group/skolid-client-components =0.7.0, =0.10.2 Source cves: unknown CVE Source advisory: OSV:GHSA-VPGC-7H78-GX8F...

@5lions/library-registry-admin (=0.0.0), @adobe/helix-cli (>=3.0.0 <=5.2.0) +366 more potentially affected by unknown CVE via dompurify (>=0.6.6 <=2.0.5)

dompurify NPM version =0.6.6, =3.0.0, =2.2.0, =0.0.2, =1.0.1, =0.6.0, =0.1.0, =0.7.3-dev, =0.7.3-dev, =0.7.3-dev, =0.7.3-dev, =0.7.3-dev, =0.15.0, =0.7.3-dev, =0.7.3-dev, =0.7.8 and more Source cves: unknown CVE Source advisory: OSV:GHSA-MJJQ-C88Q-QHR6...

@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +540 more potentially affected by unknown CVE via safe-eval (>=0.2.0 <=0.4.1)

safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9PCF-H8Q9-63F6...

3nit-components (>=0.0.2 <=0.0.4), 3nit-utils (>=0.3.0 <=0.23.0) +1451 more potentially affected by CVE-2014-4671 via hapi (>=0.14.2 <=6.11.1)

hapi NPM version =0.14.2, =0.0.2, =0.3.0, =1.0.0, =1.16.0, =1.16.0, =1.16.0, =1.0.0, =0.0.1, =0.1.0, =0.9.0, =1.0.7, =0.0.1, =1.0.8, =11.1.27-alpha.4606607431 and more Source cves: CVE-2014-4671 Source advisory: OSV:GHSA-363H-VJ6Q-3CMJ...

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead default permissions are used.

...

CVE-2020-17496

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759...

Apache HTTP Server Environment Issues Vulnerabilities

Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.20 through 2.4.43, which can be exploited by ...

@benningfield-group/grunt-build-angularjs (>=0.1.0 <=0.1.2), @brandonli8/grunt-config (>=0.0.0-dev.7 <=0.0.0-dev.22) +164 more potentially affected by CVE-2020-7729 via grunt (>=1.0.0 <=1.2.1)

grunt NPM version =1.0.0, =0.1.0, =0.0.0-dev.7, =0.0.16-alpha, =1.0.0, =0.1.0-ocetnik-doc-test-storybook-2017-09-06T11-14-08-299Z, =0.0.13, =1.0.0, =1.0.0, =0.0.1, =1.0.7, =1.0.1, =1.1.12 and more Source cves: CVE-2020-7729 Source advisory: SNYK:JS-GRUNT-597546...