Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-24955

Malware in sbrugna...

7.8CVSS7.6AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-30286

Malicious code in bioql PyPI...

7.7CVSS6.6AI score0.0034EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 p.m.7 views

CVE-2020-3684

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

7.8CVSS7.2AI score0.00217EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/04/16 3:34 p.m.18 views

Permission policy information leakage in Backstage permission system

Impact A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission backend. If the permission system is not in use or if the installed permission policy does not...

4.3CVSS6.5AI score0.00251EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 7:12 a.m.8 views

CVE-2024-32477

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between libc::tcflush0, libc::TCIFLUSH and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the...

7.7CVSS6.7AI score0.0034EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/18 7:58 p.m.37 views

CVE-2024-32477 Race condition when flushing input stream leads to permission prompt bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between libc::tcflush0, libc::TCIFLUSH and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the...

7.7CVSS7.6AI score0.0034EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 10:29 p.m.33 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-32006)

Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-32006 Vulnerability Details CVEID:CVE-2023-32006 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of...

8.8CVSS9.1AI score0.01273EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2023/10/09 10:29 a.m.4 views

nodejs: Permissions policies can be bypassed via Module._load

A vulnerability was found in NodeJS. This security issue occurs as the use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...

9.8CVSS7.1AI score0.0143EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/09/26 2:56 p.m.2 views

nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()

A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...

8.8CVSS7.1AI score0.01273EPSS
Exploits0References5
Cvelist
Cvelist
added 2018/12/04 5:0 p.m.16 views

CVE-2018-6103

A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page...

6.4AI score0.01494EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2018/12/04 5:0 p.m.29 views

CVE-2018-6103

Removed by vendor...

6.5CVSS8AI score0.01494EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2007/12/27 12:0 a.m.2 views

PT-2007-6410 · Apache +1 · Apache Tomcat +1

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.9 through 5.5.25 Apache Tomcat versions 6.0.0 through 6.0.15 Description: The default catalina.policy in the JULI logging component does not restrict certain permissions for web applications, allowing attackers to...

6.4CVSS5AI score0.39681EPSS
Exploits3References64
Rows per page
Query Builder