docker-wkhtmltopdf-aas 安全漏洞

Docker-WKHTMLTOPDF-AAS is an open-source tool developed by Openlabs that converts HTML into PDF via a web-based service. Previous versions of Docker-WKHTMLTOPDF-AAS, including version 9f50579, had security vulnerabilities. These vulnerabilities stemmed from the app.py component, which allowed for...

Updated python-typed-ast packages fix security vulnerability

Updated python-typed-ast package fixes security vulnerabilities: typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process...

typed-ast Out-of-bounds Read

typedast 1.3.0 and 1.3.1 has an astforarguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...

GHSA-M3JW-62M7-JJCM typed-ast Out-of-bounds Read

typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...

typed-ast Out-of-bounds Read

typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...

CVE-2019-19275

typedast 1.3.0 and 1.3.1 has an astforarguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...

CVE-2019-19274

typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...

CVE-2019-19275

typedast 1.3.0 and 1.3.1 has an astforarguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...

CVE-2019-19274

typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...

CVE-2019-19275

typedast 1.3.0 and 1.3.1 has an astforarguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...

CVE-2019-19274

typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...

Design/Logic Flaw

typedast 1.3.0 and 1.3.1 has an astforarguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...

CVE-2019-19274

typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...

CVE-2019-19274

typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...

CVE-2019-19274

CVE-2019-19274 concerns typed_ast versions 1.3.0 and 1.3.1 with a handle_keywordonly_args out-of-bounds read. The vulnerability could crash a Python interpreter that parses Python source (without execution), e.g., in web-based parsing services. Several advisories note fixes for CVE-2019-19274 (an...

CVE-2019-19275

typedast 1.3.0 and 1.3.1 has an astforarguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...

CVE-2019-19275

typedast 1.3.0 and 1.3.1 has an astforarguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...

Default credentials

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials f...

CVE-2018-0130

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials f...

CVE-2018-0121

A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The...