fabric8 Kubernetes client had an arbitrary code execution flaw in versions 5.0.0-beta-1 and higher. Attackers could potentially insert malicious YAMLs due to misconfigured YAML parsing.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-4178
https:/…
Impact
A YAML deserialization in opensearch-ruby 2.0.0 can lead to unsafe deserialization using YAML.load if the response is of type YAML.
Patches
The problem has been patched in opensearch-ruby gem version 2.0.2.
Workarounds
No viable workaround. Ple…
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if a…
Awesome spawn prior to version 1.2.0 contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to …
This affects all versions of package mout. The deepFillIn function can be used to ‘fill missing properties recursively’, while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key…
A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception with a carefully crafted message.
References
https://github.com/OPCFoundation/UA-.NETStandard/secur…
A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception by sending a large number of message chunks.
References
https://github.com/OPCFoundation/UA-.NETSta…
A vulnerability was discovered in the OPC UA .NET Standard Stack that
allows a malicious client or server to bypass the application authentication mechanism
and allow a connection to an untrusted peer.
References
https://github.com/OPCFoundation/UA-…
A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to trigger a stack overflow exception in a server that exposes an HTTPS endpoint.
References
https://github.com/OPCFoundation/UA-.NETStandard/security/advi…
A vulnerability was discovered in OPC UA .NET Standard Stack that allows a malicious client or server to cause a peer to hang with a carefully crafted message sent during secure channel creation.
References
https://github.com/OPCFoundation/UA-.NETStan…
