customerproject's Issues
A new vulnerability was discovered: debricked-149573
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207622
A new vulnerability was discovered: CVE-2009-4591
SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/48669
A new vulnerability was discovered: CVE-2020-8203
Prototype pollution attack when using _.zipObjectDeep in lodash <= 4.17.15.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/177228
A new vulnerability was discovered: debricked-154240
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/186929
A new vulnerability was discovered: CVE-2008-2231
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/51355
A new vulnerability was discovered: CVE-2020-8427
Kaseya Traverse before 9.5.20 allows OS command injection attacks against user accounts, associated with a Netflow Top Applications reporting API call. This is exploitable by an authenticated attacker who submits a modified JSON field within POST data.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/146009
A new vulnerability was discovered: debricked-154139
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/186834
A new vulnerability was discovered: CVE-2009-4590
Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/48668
A new vulnerability was discovered: CVE-2009-4591
SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/48669
A new vulnerability was discovered: debricked-1030
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/188338
A new vulnerability was discovered: CVE-2020-8338
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/184248
A new vulnerability was discovered: CVE-2020-12265
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/156963
A new vulnerability was discovered: CVE-2018-1000021
Git version 2.15.1 and earlier contains an Input Validation Error vulnerability in the client that can result in problems ranging from messing up terminal configuration to RCE. This attack appears to be exploitable when the user interacts with a malicious git server (or has their traffic modified in a MITM attack).
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/101064
A new vulnerability was discovered: CVE-2020-28275
Prototype pollution vulnerability in 'cache-base' versions 0.7.0 through 4.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/204989
A new vulnerability was discovered: CVE-2018-20482
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/116884
A new vulnerability was discovered: CVE-2009-4592
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207781
A new vulnerability was discovered: CVE-2020-7774
This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187733
A new vulnerability was discovered: CVE-2002-1216
GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/84377
A new vulnerability was discovered: CVE-2021-29940
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/219615
A new vulnerability was discovered: CVE-2009-4592
Unspecified vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to include arbitrary local files via unknown vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/48670
A new vulnerability was discovered: CVE-2008-2553
Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/51658
A new vulnerability was discovered: CVE-2009-4590
Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/48668
A new vulnerability was discovered: CVE-2010-0624
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/39950
A new vulnerability was discovered: CVE-2020-8338
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/184248
A new vulnerability was discovered: debricked-337
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/186329
A new vulnerability was discovered: CVE-2019-9923
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/119949
A new vulnerability was discovered: CVE-2001-1267
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/82881
A new vulnerability was discovered: debricked-1030
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/188338
A new vulnerability was discovered: CVE-2008-2553
Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/51658
A new vulnerability was discovered: CVE-2018-11233
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/107059
A new vulnerability was discovered: CVE-2017-15298
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/95874
A new vulnerability was discovered: CVE-2015-8860
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/15629
A new vulnerability was discovered: CVE-2020-7751
This affects all versions of package pathval.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/185030
A new vulnerability was discovered: CVE-2020-28168
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/185860
A new vulnerability was discovered: CVE-2020-28275
Prototype pollution vulnerability in 'cache-base' versions 0.7.0 through 4.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/204989
A new vulnerability was discovered: CVE-2002-1647
The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/84779
A new vulnerability was discovered: CVE-2007-4476
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/60778
A new vulnerability was discovered: CVE-2002-1647
The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/84779
A new vulnerability was discovered: debricked-154310
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/186993
A new vulnerability was discovered: debricked-160896
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/211441
A new vulnerability was discovered: CVE-2021-23358
The package underscore from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, is vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument, as it is not sanitized.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/212580
A new vulnerability was discovered: debricked-171
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207147
A new vulnerability was discovered: debricked-149668
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207717
A new vulnerability was discovered: CVE-2020-7774
This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187733
A new vulnerability was discovered: CVE-2020-7751
This affects all versions of package pathval.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/185030
A new vulnerability was discovered: debricked-154310
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/186993
A new vulnerability was discovered: CVE-2021-20193
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/212532
A new vulnerability was discovered: debricked-154139
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/186834
A new vulnerability was discovered: debricked-337
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/186329
A new vulnerability was discovered: CVE-2008-2231
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/51355