140 matches found
CVE-2023-0639
Summary: TRENDnet TEW-652BRP (version 3.04b01) exposes a Cross-Site Scripting issue in the Web Management Interface via the get_set.ccp endpoint, caused by improper handling of the nextPage parameter. This could allow remote attackers to inject scripts when data is viewed. Affected: TRENDnet TEW-...
Trojan-Dropper.Win32.Corty.10 MVID-2022-0639 Insecure Credential Storage
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/f72138e574743640bdcdb9f102dff0a5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Corty.10 Vulnerability: Insecure Credential Storage Description: The...
CVE-2022-0639
An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add an at symbol @ while submitting a URL. This issue enables the bypass of validation or block-listing restrictions...
CVE-2022-0639
creationtimestamp| type| source ---|---|--- 2022-02-17 20:37:30+00:00| seen| https://t.me/cibsecurity/37671...
CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639
CVE-2022-0639 affects the Node.js URL parser library used in npm installs, specifically the node-url-parse package. Debian and Debian LTS advisories (DLA-4413-1) describe an authorization bypass where an incorrect conversion of special characters in the protocol (notably the @ character in href) ...
CVE-2021-0639
creationtimestamp| type| source ---|---|--- 2021-08-17 22:16:08+00:00| seen| https://t.me/cibsecurity/27454...
CVE-2021-0639
CVE-2021-0639 affects Android/Widevine through libl3oemcrypto.cpp. Described as a local information disclosure due to weaknesses in the obfuscation/handling of sensitive data; requires no user interaction. Documented impact is partial confidentiality loss with local access and no privileges beyon...
SUSE: Security Advisory (SUSE-SU-2019:0639-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2012:0128-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:0639-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Multiple Vulnerabilities (KB4534273)
This host is missing a critical security update according to Microsoft KB4534273 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Information disclosure
An information disclosure vulnerability exists in the Windows Common Log File System CLFS driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0639...
CVE-2020-0639
CVE-2020-0639 is a Windows Common Log File System (CLFS) Driver Information Disclosure vulnerability. Connected CNVD entries describe a flaw where memory objects are mishandled, allowing an authenticated attacker who logs on and runs a crafted application to read data from memory. The CVSSv3 base...
Microsoft Windows Common Log File System CVE-2020-0639 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Versio...
KB4534312: Windows Server 2008 January 2020 Security Update
The remote Windows host is missing security update 4534312 or cumulative update 4534303. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the Windows Common Log File System CLFS driver when it fails to properly handle objects in memory. ...