CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. [CVSS 3.7 LOW]
Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_sort function allows remote attackers to corrupt memory and potentially achieve code execution with minimal user interaction. Public exploit code exists for this vulnerability. Users should apply the available patch (commit 53eefbcd695165a3bd8c584813b472cb4a69fbf5) to remediate the risk.
A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. [CVSS 3.3 LOW]
AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Amazon DynamoDB, Amazon Glacier, and more. From versions 4.0.0 to before 4.0.3.3, Customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input fie...
OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, a low‑privileged logged-in user can view the full names of other users. [CVSS 3.5 LOW]
Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. [CVSS 3.1 LOW]
A security flaw has been discovered in questdb u versions up to 1.11.9. is affected by cross-site scripting (xss) (CVSS 3.5).