CVE-2020-4303

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

Apache HTTP Server Uninitialized Memory Vulnerability

Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.41, which stems from modproxyft...

AZL-44904 CVE-2019-11254 affecting package delve 1.5.0-16

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

IBM Spectrum Protect Plus Command Execution Vulnerability

IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A security vulnerability exists in IBM...

IBM Spectrum Protect Plus Command Execution Vulnerability (CNVD-2020-20699)

IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A security vulnerability exists in IBM...

PT-2020-2798 · Sds · Sds

Name of the Vulnerable Software and Affected Versions: sds versions 0.0.0 through 3.2.0 Description: The issue is related to Prototype Pollution, where the library can be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. This is...

F5 BIG-IP Buffer Error Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in F5 BIG-IP versions 12.1.0 through 12.1.5. An attacker can exploit the vulnerability to caus...

GitLab EE Path Traversal Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A path traversal vulnerability exists in the NPM feature ...

com.agorapulse:micronaut-snitch (>=0.1.2 <=1.1.3), io.github.oleksivio.tl.kbot:micronaut (=1.6.0) +14 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.0.0 <=1.2.10)

io.micronaut:micronaut-http-client MAVEN version =1.0.0, =0.1.2, =1.4.0, =1.1.0, =1.0.0, =1.0.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.19, =1.2.19, =1.0.3, =1.3.1 and more Source cves: CVE-2020-7611 Source advisory: SNYK:JAVA-IOMICRONAUT-561342...

2vyper (=0.3.0), black-mamba (>=0.1.0 <=0.3.0) +1 more potentially affected by unknown CVE via vyper (>=0.1.0b12 <=0.1.0b16)

vyper PYPI version =0.1.0b12, =0.1.0, =1.4.0, =1.6.7 Source cves: unknown CVE Source advisory: OSV:GHSA-MR6R-MVW4-736G...

com.akolov:doorman-core_2.12 (=0.0.5), com.avast:scala-server-toolkit-http4s-blaze-server_2.12 (=0.1.3) +55 more potentially affected by CVE-2020-5280 via org.http4s:http4s-server_2.12 (>=0.19.0 <=0.20.2)

org.http4s:http4s-server2.12 MAVEN version =0.19.0, =0.1.4, =0.1.4, =0.1.4, =0.1.4, =0.1.4, =0.1.4, =0.0.16, =0.0.13, =0.0.13, =0.0.13, =0.0.13, =0.17.0, =0.18.1 - com.github.allantl:atlassian-connect-http4s2.12 =0.0.1 and more Source cves: CVE-2020-5280 Source advisory: OSV:GHSA-66Q9-F7FF-MMX6...

CVE-2019-4553

IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958...

adversarial-labeller (=0.1.8), alo7-airflow (>=1.10.0 <=1.10.0.7) +122 more potentially affected by CVE-2020-6816 via bleach (>=1.2.2 <=3.1.1)

bleach PYPI version =1.2.2, =1.10.0, =0.1.0, =0.0.6, =0.3.0, =0.0.9, =0.3.4, =0.0.5, =0.1.0rc1, =0.1.3, =0.0.1, =0.2.1, =0.4.3 - dbx-deploy =0.6.1 and more Source cves: CVE-2020-6816 Source advisory: OSV:GHSA-M6XF-FQ7Q-8743...

thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...

GitLab Improper Authorization Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Community and...

WeeChat Denial of Service Vulnerability

WeeChat is a scalable live chat client application. A code issue vulnerability exists in WeeChat versions 0.4.0 through 2.7. An attacker could exploit the vulnerability to cause a denial of service...

Eclipse Theia Data Forgery Issue Vulnerability

Eclipse Theia is the Eclipse Foundation's set of Visual Studio Code-based open source integrated development environment for desktop and Web applications framework. A data forgery vulnerability exists in Eclipse Theia versions 0.3.9 through 0.15.0. A remote attacker can exploit this vulnerability...

Vesta Control Panel as System Command Injection Vulnerability

Vesta Control Panel VestaCP is an open source web hosting control panel. An operating system command injection vulnerability exists in VestaCP versions 0.9.7 through 0.9.8-23. An attacker can exploit this vulnerability to elevate privileges...

activemq: Corrupt MQTT frame can cause broker shutdown

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive...

IBM DataPower Gateway Security Bypass Vulnerability

IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across...