
31 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2008-3620

Malware in sbrugna...

CVSS 2.6 | AI score 6.4 | EPSS 0.01689
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-25428

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.8 | EPSS 0.0007
Exploits: 0 | References: 1
OSV
added 2025/02/27 3:31 p.m. | 8 views

GHSA-R95J-4JVF-MRRW MongoDB Shell may be susceptible to control character Injection via shell output

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying...

CVSS 3.9 | AI score 7 | EPSS 0.00194
Exploits: 0 | References: 3
AlpineLinux
added 2024/06/11 1:15 p.m. | 43 views

CVE-2024-5687

If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec- headers, meaning there is the potential for incorrect...

CVSS 5.3 | AI score 6.5 | EPSS 0.00411
Exploits: 1
UbuntuCve
added 2024/06/11 12:0 a.m. | 15 views

CVE-2024-5687

If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec- headers, meaning there is the potential for incorrect...

CVSS 5.3 | AI score 7.2 | EPSS 0.00411
Exploits: 1 | References: 3
Code423n4
added 2023/09/07 12:0 a.m. | 11 views

Precision Error in getPrice due to Omission of Last Day's Interest

Lines of code Vulnerability details The code attempts to calculate the price based on the interest from the previous day by using range.end - 1. However, if the last day represented by range.end has fully passed, the interest for this day is never taken into account. Over time, these slight...

AI score 7
Exploits: 0
CNVD
added 2022/09/28 12:0 a.m. | 18 views

Rdiffweb Virtual Tampering Vulnerability

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. Provides quick access to your archives through an efficient web interface. A virtual tampering vulnerability exists in Rdiffweb versions prior to 2.4.8, which can be exploited by an attacker to inject malicious...

CVSS 4.3 | AI score 3 | EPSS 0.00538
Exploits: 1 | References: 1
Veracode
added 2022/09/27 6:46 a.m. | 15 views

Content Spoofing

rdiffweb is vulnerable to content spoofing. An attacker can deliver professionally crafted visual defacements to the right recipients convincingly and provide misleading information to the victims due to improper processing and rendering of user-supplied inputs...

CVSS 2.4 | AI score 4.5 | EPSS 0.00538
Exploits: 1 | References: 3 | Affected Software: 1
Huntr
added 2022/09/22 6:50 a.m. | 17 views

Virtual defacement allows attacker to display any message of his choice

Description This attack involves injecting malicious data into a page of a web application to feed misleading information to users of the application. This kind of attack is known as virtual defacement because the actual content hosted on the target's web server is not modified. The defacement is...

CVSS 2.8 | AI score 1.2 | EPSS 0.00538
Exploits: 1 | References: 1
Tenable Nessus
added 2021/03/23 12:0 a.m. | 57 views

Ubuntu 18.04 LTS / 20.04 LTS : Python vulnerabilities (USN-4754-3)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4754-3 advisory. USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 and Ubuntu 20.04. In the case of...

CVSS 9.8 | AI score 7.3 | EPSS 0.23293
Exploits: 4 | References: 8
Tenable Nessus
added 2020/07/23 12:0 a.m. | 57 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Python vulnerabilities (USN-4428-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4428-1 advisory. It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong...

CVSS 7.5 | AI score 7.3 | EPSS 0.12706
Exploits: 1 | References: 5
RedhatCVE
added 2020/04/16 9:33 a.m. | 31 views

CVE-2019-17514

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that...

CVSS 7.5 | AI score 1.9 | EPSS 0.04671
Exploits: 1 | References: 3
Cvelist
added 2019/10/12 12:7 p.m. | 32 views

CVE-2019-17514

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that...

AI score 7.3 | EPSS 0.04671
Exploits: 1 | References: 14
NVD
added 2019/09/26 9:15 p.m. | 10 views

CVE-2019-15891

An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection...

CVSS 5.3 | AI score 5.2 | EPSS 0.01093
Exploits: 0 | References: 1
Prion
added 2019/09/26 9:15 p.m. | 13 views

Information disclosure

An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection...

CVSS 5 | AI score 5.1 | EPSS 0.01093
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2019/09/26 8:56 p.m. | 13 views

CVE-2019-15891

An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection...

AI score 5.2 | EPSS 0.01093
Exploits: 0 | References: 1
CVE
added 2019/09/26 8:56 p.m. | 136 views

CVE-2019-15891

CKFinder versions ≤ 2.6.2.1 and ≤ 3.5.0 are affected by a documentation issue that could mislead users into believing there is built‑in bulletproof content sniffing protection. The root cause is misleading documentation rather than a code flaw disclosed in these sources. Publicly available refere...

CVSS 5.3 | AI score 5.1 | EPSS 0.01093
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2019/07/10 7:15 p.m. | 13 views

CVE-2019-0319

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not...

CVSS 7.5 | AI score 7.3 | EPSS 0.02511
Exploits: 1 | References: 7
Pen Test Partners Blog
added 2019/05/15 10:0 a.m. | 41 views

FUD 101: How not to report healthcare cybersecurity issues

I was asked to review a report from Forescout about healthcare security by a journalist, as they were suspicious of the headlines. Here’s what got my spidey senses tingling: “The server SMB protocol is left open in 85% of connected devices in healthcare organisations, giving bad actors an easy an...

AI score 7
Exploits: 0
Hacker One
added 2018/12/12 7:9 p.m. | 96 views

Paragon Initiative Enterprises: Github repo's wiki publicly editable

Hello Team, Primablock Github repo's wiki page is publicly editable. This enables an attacker to edit the wiki pages of the affected repo's. Adding content that may link to malicious code libraries that would be installed and used by developers or information that may mislead users. Links:...

AI score 0.5
Exploits: 0