The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-43565
https://groups.google.com/forum/#!forum/golang-announce
http…
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8.1 at the head image upload, that allows attackers to execute relevant PHP code.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-21516
https://github.com/liufee/cms/issues/46
https:…
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-36663
https://github.com/GluuFederation/oxAuth/releases/ta…
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
References
https://n…
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
References
https://nv…
Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of a database. Users should upgrade to version 0.13.1, which addresses this issue.
References
https://nvd.nist.gov/vuln/…
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
References
https://nv…
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
References
https://nv…
In Apache Airflow versions 2.2.4 through 2.3.3, the database webserver session backend was susceptible to session fixation.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-38054
https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb
htt…
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the –daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local u…
