4 matches found
CVE-2022-24785
CVE-2022-24785 concerns Moment.js where a path traversal vulnerability could be triggered in npm/server contexts when a user-supplied locale string is directly used to switch locales. Affected versions are Moment.js up to 2.29.1 (inclusive); the issue is patched in 2.29.2. The fixed version shoul...
CVE-2018-1000656
Summary (CVE-2018-1000656) The Flask component of the Pallets Project (Python) prior to 0.12.3 contains a CWE-20 Improper Input Validation vulnerability that can cause excessive memory usage, potentially leading to denial of service. The documented attack vector involves attackers sending JSON da...
CVE-2019-11486
The CVE-2019-11486 entry describes multiple race conditions in the Siemens R3964 line discipline driver (drivers/tty/n_r3964.c) of the Linux kernel, affecting versions before 5.0.8. This yields local exploitation potential with full confidentiality, integrity, and availability impact. A fix is av...
CVE-2019-3462
CVE-2019-3462 affects apt 1.4.8 and earlier due to incorrect sanitation of the 302 redirect field in the HTTP transport, enabling content injection by a MITM attacker and potentially leading to remote code execution. Public docs confirm the flaw is in apt’s redirect handling and that exploitation...