Versions of ircdkit 1.0.3 and prior are vulnerable to a remote denial of service.
Recommendation
Upgrade to version 1.0.4.
References
https://github.com/Twipped/ircdkit/issues/1
https://github.com/Twipped/ircdkit/commit/f0cc6dc913ec17b499fa33a676bb72c…
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the use…
Versions of mysql before 2.14.0 are vulnerable to remove memory exposure.
Affected versions of mysql package allocate and send an uninitialized memory over the network when a number is provided as a password.
Only mysql running on Node.js versions belo…
Versions of selenium-binaries prior to 0.15.0 insecurely download an executable over an unencrypted HTTP connection.
In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable …
When using PySpark , it’s possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.
References
https://n…
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka “.NET Security Fe…
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible’s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the …
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and “nativeWindowOpen: true” or “sandbox: true” options, is affected by a webPreferences vulnerability that can be leveraged to perform remote code e…
Versions of metascraper prior to 5.2.0 are vulnerable to stored cross-site scripting (XSS).
Recommendation
Upgrade to version 5.2.0 or later.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-3773
https://hackerone.com/reports/309367
https://www.np…
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from “~/.confire.yaml” using the yaml.load function, a YAML parser can execute arbitrary Python com…
