Latest Vulnerabilities

### Summary When using a modified client or the grpc interface directly, the `RegisterRepository` call accepts _both_ the repository owner / repo **and** the repo_id. Furthermore, these two are not ...
go/github.com/stacklok/minder<0.20240226.1425
Minder trusts client-provided mapping from repo name to upstream ID
go/github.com/stacklok/minder<0.20240226.1425
Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not in the allowed scope of that CNA's CVE ID assignments.
### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written be...
maven/org.eclipse.jetty.http3:jetty-http3-common>=12.0.0<=12.0.5
maven/org.eclipse.jetty.http2:jetty-http2-common>=12.0.0<=12.0.5
maven/org.eclipse.jetty.http3:http3-common>=11.0.8<=11.0.19
maven/org.eclipse.jetty.http2:http2-common>=11.0.0<=11.0.19
maven/org.eclipse.jetty.http3:http3-common>=10.0.8<=10.0.19
maven/org.eclipse.jetty.http2:http2-common>=10.0.0<=10.0.19
and 1 more
### Summary When using the built-in `extract32(b, start)`, if evaluating the `start` index has the side effect of updating `b`, the byte array to extract `32` bytes from, it could be that some dirty memo...
pip/vyper<=0.3.10
Vyper extract32 can read dirty memory
pip/vyper<=0.3.10
Vyper _abi_decode Memory Overflow
pip/vyper<=0.3.10
## Summary If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside t...
pip/vyper<=0.3.10
### Problem User sessions in the @nfid/embed SDK with Ed25519 keys are vulnerable due to a compromised private key `535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe`. This exposes users...
npm/@nfid/embed>=0.10.0<0.10.1-alpha.6
### Impact When SAML is used as the authentication mechanism, Central Dogma accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a...
maven/com.linecorp.centraldogma:centraldogma-server-auth-saml<=0.64.2
### Impact The SAML implementation provided by `armeria-saml` currently accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a res...
maven/com.linecorp.armeria:armeria-saml<=1.27.1
### Impact Code scanning revealed possible vulnerability in C extensions for PyPop: incorrect function calls (missing arguments or wrongly typed arguments) and redundant null pointers. ### Patches Th...
pip/pypop-genomics<1.0.2
### Impact Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall ### Patches Fixed with https://github.com...
npm/es5-ext>=0.10.0<0.10.63
### TL;DR This vulnerability affects Kirby sites that use the new [link field](https://getkirby.com/docs/reference/panel/fields/link) and output the entered link without additional validation or sani...
composer/getkirby/cms>=4.0.0<4.1.1
Content spoofing - real Hoppscotch emails
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Showdownjs Denial of Service
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.
pip/orjson<3.9.15
langchain_experimental (aka LangChain Experimental) before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the `__import__`, ...
pip/langchain-experimental<0.0.52
rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.
rubygems/rack-cors<=2.0.1
pretix before 2024.1.1 mishandles file validation.
pip/pretix<2024.1.1
Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Cam...
maven/org.apache.camel:camel-core>=4.1.0<4.4.0
maven/org.apache.camel:camel-core>=4.0.0<4.0.4
maven/org.apache.camel:camel-core=3.22.0
maven/org.apache.camel:camel-core>=3.21.0<3.21.4
With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader( url=url, max_depth=2, extractor=lambda x: Soup(...
pip/langchain<0.1.0
Rejected reason: This CVE is a duplicate of CVE-2024-1631.
IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests
HID: usbhid: fix info leak in hid_submit_ctrl
f2fs: fix to avoid potential deadlock
i2c: Fix a potential use after free
drm/amd/display: prevent memory leak
netlabel: fix out-of-bounds memory accesses
### TL;DR This vulnerability affects Kirby sites that use the [URL field](https://getkirby.com/docs/reference/panel/fields/url) in any blueprint. A successful attack commonly requires knowledge of t...
composer/getkirby/cms>=4.0.0<=4.1.0
composer/getkirby/cms=3.10.0
composer/getkirby/cms>=3.9.0<=3.9.8
composer/getkirby/cms>=3.8.0<=3.8.4.2
composer/getkirby/cms>=3.7.0<=3.7.5.3
composer/getkirby/cms<=3.6.6.4
es5-ext Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
npm/es5-ext>=0.10.0<0.10.63
Kirby cross-site scripting (XSS) in the link field "Custom" type
composer/getkirby/cms>=4.0.0<4.1.1
ESPHome remote code execution via arbitrary file write
### TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. The attack requires user interaction by another user or visitor an...
composer/getkirby/cms>=4.0.0<=4.1.0
composer/getkirby/cms=3.10.0
composer/getkirby/cms>=3.9.0<=3.9.8
composer/getkirby/cms>=3.8.0<=3.8.4.2
composer/getkirby/cms>=3.7.0<=3.7.5.3
composer/getkirby/cms<=3.6.6.4
LibHTP unbounded folded header handling leads to denial of service
Jetty connection leaking on idle timeout when TCP congested
maven/org.eclipse.jetty.http3:jetty-http3-common>=12.0.0<=12.0.5
maven/org.eclipse.jetty.http2:jetty-http2-common>=12.0.0<=12.0.5
maven/org.eclipse.jetty.http3:http3-common>=11.0.8<=11.0.19
maven/org.eclipse.jetty.http2:http2-common>=11.0.0<=11.0.19
maven/org.eclipse.jetty.http3:http3-common>=10.0.8<=10.0.19
maven/org.eclipse.jetty.http2:http2-common>=10.0.0<=10.0.19
and 1 more
A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to cod...
A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker c...
A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can ...
A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker...
A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can ...
WordPress WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit Plugin <= 1.0.9 is vulnerable to Sensitive Data Exposure
Suricata http2: header handling evasion
Suricata http: heap use after free with http.request_header keyword
crafted traffic can cause denial of service
WordPress Icons Font Loader Plugin <= 1.1.4 is vulnerable to Arbitrary File Upload
Suricata's pgsql: memory exhaustion use on record parsing
WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Arbitrary File Upload
WordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File Upload

© 2024 SecAlerts Pty Ltd.