mesh project mesh - vulnerabilities and exploits

(subscribe to this query)

The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow malicious users to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the sa...

Smartmesh Project Smartmesh -Ugtoken Project Ugtoken -Gg Token Project Gg Token -First Project First -Mtc Project Mtc -Mesh Project Mesh -

A signature verification vulnerability exists in crewjam/saml. This flaw allows an malicious user to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Grafana Grafana Saml Project Saml Redhat Openshift Container Platform 3.11 Redhat Enterprise Linux 8.0 Redhat Openshift Container Platform 4.0 Redhat Openshift Service Mesh 2.0 Fedoraproject Fedora 32 Fedoraproject Fedora 33

An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions up to and including 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially ga...

Istio-operator Project Istio-operator

websocket-extensions npm module before 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and s...

Websocket-extensions Project Websocket-extensions

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and previous versions may allow malicious user to bypass security checks.

Url-parse Project Url-parse

In Async prior to 2.6.4 and 3.x prior to 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

Async Project Async Fedoraproject Fedora 36 Fedoraproject Fedora 37

A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows malicious users to cause a Denial of Service (DoS) via a crafted MESH file.

Libmeshb Project Libmeshb 7.61

qs prior to 6.10.3, as used in Express prior to 4.17.3 and other products, allows malicious users to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the att...

Qs Project Qs Qs Project Qs 6.4.0 Qs Project Qs 6.6.0 Openjsf Express Debian Debian Linux 10.0

3 Github repositories

systemd prior to 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may...

Systemd Project Systemd

6 Github repositories

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strin...

Goutils Project Goutils

1 Github repository

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook