10 matches found
CVE-2023-36631
Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked usi...
CVE-2021-27549
Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings Device screen...
Shopify: GraphQL Introspection Enabled on Shopify API Endpoint (Intended Behavior)
Summary: Hi team! I've found a misconfiguration in your GraphQL API on the endpoint in which an attacker is able to run a GraphQL introspection query to fetch schemas, types, fields, available query operations, after running the introspection query on the GraphQL API endpoint, an attacker is...
CVE-2022-27948
Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as intended...
Cross-site Scripting in quill
A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. No patch exists and no further releases are planned. This CVE is disputed. Researchers have claimed that...
Design/Logic Flaw
DISPUTED: A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was intended behavior. Notes: none...
DEBIAN-CVE-2020-8516
The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and...
CVE-2020-8516
Affected software / component: Tor daemon up to 0.4.1.8 and 0.4.2.x through 0.4.2.6. Root cause: The daemon does not verify that a rendezvous node is known before attempting to connect to it. Impact (as stated): may allow remote attackers to discover circuit information. Contested note: Tor netwo...
CVE-2017-12778
CVE-2017-12778 concerns the qBittorrent 3.3.15 UI Lock. The issue is an authentication bypass where an attacker with local access can gain access to qBittorrent functions by tampering with the config file: set the 'locked' flag to 'false' inside the 'Locking' stanza (path: C:\Users\Roaming\qBittorrent). T...