Impact
What kind of vulnerability is it? Who is impacted?
The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or cr…
Impact
Internal fields (keys used internally by Parse Server, prefixed by _) and protected fields (user defined) can be used as query constraints. Internal and protected fields are removed by Parse Server from query results and are only returned to the…
Impact
SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a seconday authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery c…
This issue and vector is similar to RUSTSEC-2020-0029 of rgb crate which mozjpeg depends on.
Affected versions of mozjpeg crate allow creating instances of any type T from bytes,
and do not correctly constrain T to the types for which it is safe to do …
Impact
When a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic.
Patches
The problem is patched in tag v0.4.0, by the commit d9d478ff0c13b8b09ace030db9262f3…
Impact
An attacker can max out the number of client connections allowed by the ledger that was deployed using guidance provided in the indy-node repository, leaving the ledger unable to be used for its intended purpose.
The ledger content will not be i…
Impact
Harbor fails to validate the user permissions to view Webhook policies including relevant credentials configured in different projects the user doesn’t have access to, resulting in malicious users being able to read Webhook policies of other use…
Impact
Harbor fails to validate the user permissions when updating tag retention policies. API call:
PUT /retentions/{id}
By sending a request to update a tag retention policy with an id that belongs to a project
that the currently authenticated use…
Observation
When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are being constructed using user input (e.g. the repository URL). When building the commands, …
Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK allows for specific data inputs to cause high memory consumption, which in some platforms could cause the controller to panic and stop processing reconciliat…
