sound-generator's Issues
A new vulnerability was discovered: CVE-2016-3163
The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/4497
A new vulnerability was discovered: CVE-2005-4803
graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/74571
A new vulnerability was discovered: CVE-2014-8139
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/145029
A new vulnerability was discovered: CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/6524
A new vulnerability was discovered: CVE-2017-6926
In Drupal 8.4.x versions before 8.4.5, users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/102058
A new vulnerability was discovered: CVE-2016-3170
The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/4504
A new vulnerability was discovered: CVE-2016-7570
Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/8009
A new vulnerability was discovered: CVE-2018-1000620
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Read more at Debricked: http://app.debricked.com/en/service/vulnerability/126594
A new vulnerability was discovered: CVE-2020-7660
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
Read more at Debricked: http://app.debricked.com/en/service/vulnerability/158761
A new vulnerability was discovered: CVE-2017-6931
In Drupal 8.4.x versions before 8.4.5, the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. This release fixes the only two implementations in core, but does not harden against other such bypasses. This vulnerability can be mitigated by disabling the Settings Tray module.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/102063
A new vulnerability was discovered: CVE-2016-3168
The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/4502
A new vulnerability was discovered: CVE-2018-1000216
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in the cJSON library that can result in a possible crash or RCE. This attack appears to be exploitable via: the attacker must be able to force the victim to print JSON data; depending on how the cJSON library is used, this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/111856
A new vulnerability was discovered: CVE-2016-7571
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/185860
A new vulnerability was discovered: CVE-2019-10746
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Read more at Debricked: http://app.debricked.com/en/service/vulnerability/128473
A new vulnerability was discovered: CVE-2018-3728
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Read more at Debricked: http://app.debricked.com/en/service/vulnerability/104268
A new vulnerability was discovered: CVE-2017-6919
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/35695
A new vulnerability was discovered: CVE-2017-6920
Drupal core 8 before version 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/111413
A new vulnerability was discovered: debricked-153743
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/186521
A new vulnerability was discovered: CVE-2018-9861
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to read files on the system via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/176802
A new vulnerability was discovered: CVE-2016-9450
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/8993
A new vulnerability was discovered: CVE-2016-3169
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/4503
A new vulnerability was discovered: CVE-2017-6379
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/1646
A new vulnerability was discovered: CVE-2016-3171
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/4505
A new vulnerability was discovered: CVE-2017-6377
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/467
A new vulnerability was discovered: CVE-2016-3164
Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/4498
A new vulnerability was discovered: CVE-2020-7608
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
Read more at Debricked: http://app.debricked.com/en/service/vulnerability/154282
A new vulnerability was discovered: CVE-2016-6211
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/7088
A new vulnerability was discovered: CVE-2016-7572
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/8011
A new vulnerability was discovered: CVE-2016-6212
This affects all versions of package pathval.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/185030
A new vulnerability was discovered: CVE-2020-15168
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant. For example, if you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/181582
A new vulnerability was discovered: CVE-2017-6928
In Drupal core 7.x versions before 7.57, when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/102060
A new vulnerability was discovered: CVE-2017-6932
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1, and Sentry before 9.7.3 and 9.8.x before 9.8.1, allow remote attackers to execute arbitrary code via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/176800
A new vulnerability was discovered: CVE-2018-3719
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Read more at Debricked: http://app.debricked.com/en/service/vulnerability/107750
A new vulnerability was discovered: CVE-2019-13173
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Read more at Debricked: http://app.debricked.com/en/service/vulnerability/125359
A new vulnerability was discovered: CVE-2017-6381
This affects all versions of package pathval.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/185030
A new vulnerability was discovered: CVE-2016-3167
Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/4501
A new vulnerability was discovered: CVE-2019-11835
cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.
Read more at Debricked: http://app.debricked.com/en/service/vulnerability/122068
A new vulnerability was discovered: CVE-2016-3165
The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-side form definition.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/4499
A new vulnerability was discovered: CVE-2017-6927
In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/183903
A new vulnerability was discovered: CVE-2016-3166
CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/4500
A new vulnerability was discovered: CVE-2019-10747
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and __proto__ payloads.
Read more at Debricked: http://app.debricked.com/en/service/vulnerability/128474
A new vulnerability was discovered: CVE-2016-3162
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/4496
A new vulnerability was discovered: CVE-2017-6929
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to bypass authentication mechanisms via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/176801
A new vulnerability was discovered: CVE-2016-9449
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/8992
A new vulnerability was discovered: CVE-2016-9452
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/8995
A new vulnerability was discovered: CVE-2017-6930
In Drupal 8.4.x versions before 8.4.5, when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implements hook_node_access_records().
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/102062