

LoRaMac-node is a reference implementation and documentation of a LoRa network node. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed. A patch has been applied in version `0.5.2`; all users are advised to upgrade to `0.5.2` as soon as possible. All users parsing index server URLs with dparse are impacted by this vulnerability. dparse in versions before 0.5.2 contains a regular expression that is vulnerable to a Regular Expression Denial of Service. There are no known workarounds for this issue. dparse is a parser for Python dependency files. Users are advised to upgrade or to manually apply patch `c85a254`. The vulnerability has been patched in commit `c85a254` and will be available in release `0.20.1`. In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access.

There are no known workarounds for this issue. fat_free_crm is an open source, Ruby on Rails customer relationship management platform (CRM). This issue has been addressed in commit `8eead6d` and the patch will be included in version 1.1.0.


In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. Tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database. This issue was resolved in 9.8 SP5 Critical Patch 2. A potential unauthenticated file deletion vulnerability on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files.
