CVE-2022-32208

CVSS v3 Score: 5.9 (Medium)
CVSS v2 Score: 4.3 (Medium)

Vulnerability Description

When curl < 7.84.0 performs FTP transfers secured by krb5, it mishandles message verification failures. This flaw allows a man-in-the-middle attack to go unnoticed and even lets the attacker inject data into the client.

CVSS:5.9(Medium)

The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. Thi...

CVSS:5.9(Medium)

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

CVSS:6.0(Medium)

Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.

CVSS:6.0(Medium)

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

CVSS:5.7(Medium)

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5.

CVSS:6.3(Medium)

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This co...