All versions of package merge are vulnerable to Prototype Pollution via `_recursiveMerge`.

GramAddict allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port, `e.g.`, by being on the same Wi-Fi network.

The package async-git are vulnerable to Command Injection via shell meta-characters (back-ticks). For example, ``git.reset('a`touch HACKED`b')``

An issue was discovered in GNOME GLib If `g_byte_array_new_take()` was called with a buffer of 4GB or more on a platform, the length would be truncated modulo `2**32`, causing unintended length truncation.

An issue was discovered in GNOME GLib The function `g_bytes_new` has an integer overflow on platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow

OpenSSL supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. In order to be vulnerable a server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) The underlying error is in the implementation of the `RSA_padding_check_SSLv23()` function. This also affects the `RSA_SSLV23_PADDING` padding mode used by various other functions.

Centreon where an authorized user is able to inject additional SQL queries to perform remote command execution.

Adminer is an open-source database management in a single PHP file. In adminer from there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`)` are affected.

In Apache Thrift to, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

In Apache Thrift to, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

In Apache Thrift to, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands, for example, CWD and UPDR. When windows separators exist within the path (`\`), `path.resolve` leaves the upper pointers intact and allows the user to move beyond the root folder defined for that user. We did not take that into account when creating the path resolve function. The issue is patched (commit b859450a37cba10ff3c431eb4aa67771122e3).

The System Information Library for `Node.As` a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to `si.inetLatency()`, `si.inetChecksite()`, `si.services()`, `si.processLoad()` ... do only allow strings, reject any arrays. String sanitation works as expected.

In Apache Thrift to, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

An issue was discovered in NFStream Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS).

As mitigation for CVE-2020-1945 Apache Ant changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately, the `fixcrlf` task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

All versions of package static-eval are vulnerable to arbitrary code execution using `FunctionExpressions` and `TemplateLiterals`.

Keycloak suffers from an information disclosure through error messages. A logged in user can do an account email enumeration attack.

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers. There is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method `File.createTempFile` on unix-like systems creates a random file, but, by default will create this file with the permissions `-rw-r--r--`. Thus, if sensitive information is written to this file, other local users can read this information.

Keycloak suffers from an information disclosure through an error message. A logged in user can do an account email enumeration attack.

Keycloak suffers from an information disclosure through an error message. A logged in user can do an account email enumeration attack.

Keycloak suffers from an information disclosure through an error message. A logged in user can do an account email enumeration attack.

The PostgreSQL adapter in Active Record suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

The Host Authorization middleware in Action Pack suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers. There is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method `File.createTempFile` on unix-like systems creates a random file, but, by default will create this file with the permissions `-rw-r--r--`. Thus, if sensitive information is written to this file, other local users can read this information.

In jQuery, passing HTML containing `<option>` elements from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (i.e., `.html()`, `.append()`, and others) may execute untrusted code.

In jQuery, passing HTML containing `<option>` elements from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (i.e., `.html()`, `.append()`, and others) may execute untrusted code.

Keycloak suffers from an information disclosure through an error message. A logged in user can do an account email enumeration attack.

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers. There is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method `File.createTempFile` on unix-like systems creates a random file, but, by default will create this file with the permissions `-rw-r--r--`. Thus, if sensitive information is written to this file, other local users can read this information.

Keycloak suffers from an information disclosure through an error message. A logged in user can do an account email enumeration attack.

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers. There is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method `File.createTempFile` on unix-like systems creates a random file, but, by default will create this file with the permissions `-rw-r--r--`. Thus, if sensitive information is written to this file, other local users can read this information.

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers. There is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method `File.createTempFile` on unix-like systems creates a random file, but, by default will create this file with the permissions `-rw-r--r--`. Thus, if sensitive information is written to this file, other local users can read this information.

An authorization flaw was found in podman. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

The Elastic APM agent for Go can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.

Magento does not sufficiently protect resources. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.

Magento is vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

Magento is vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.

Magento is vulnerable to Cross-Site Scripting in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.

Magento is vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

Magento is vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.

Magento is vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

Magento is vulnerable to Cross-Site Request Forger. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.

Magento is vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources.

Magento does not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.

Magento is vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

Magento is vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires user interaction.

Magento is vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

Magento is vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

Magento does not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.

A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the `full_load` method or with the `FullLoader` loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the `python/object/new` constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

Magento is vulnerable to SQL Injection. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.

A cross-site scripting (XSS) vulnerability in the forms component of Mautic allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).

httplib2 is a comprehensive HTTP client library for Python. In httplib2, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server.

An OS Command Injection vulnerability was found in node-ps located on line 72 of `lib/index.js.`

sanitize-html does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass the hostname allowlist validation set by the `allowedIframeHostnames` option.

sanitize-html does not properly validate the hostnames set by the `allowedIframeHostnames` option when the `allowIframeRelativeUrls` is set to true, which allows attackers to bypass the hostname allow list for an iframe element, when using a src value that starts with `/\\example.com`.

The macfromip package suffers from an OS Command Injection. The vulnerability is located on line 66 `macfromip.js.`

The spritesheet-js package depends on a vulnerable package `platform-command`. The injection point is located on line 32 in `lib/generator.js`, which is triggered by main entry of the package.

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the `message.jsp` page of Apache ActiveMQ.

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the `message.jsp` page of Apache ActiveMQ.

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the `message.jsp` page of Apache ActiveMQ.

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the `message.jsp` page of Apache ActiveMQ.

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the `message.jsp` page of Apache ActiveMQ.

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the `message.jsp` page of Apache ActiveMQ.

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the `message.jsp` page of Apache ActiveMQ.