12 matches found
EUVD-2020-24955
Malware in sbrugna...
EUVD-2024-30286
Malicious code in bioql PyPI...
CVE-2020-3684
u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...
Permission policy information leakage in Backstage permission system
Impact A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission backend. If the permission system is not in use or if the installed permission policy does not...
CVE-2024-32477
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between libc::tcflush0, libc::TCIFLUSH and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the...
CVE-2024-32477 Race condition when flushing input stream leads to permission prompt bypass
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between libc::tcflush0, libc::TCIFLUSH and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-32006)
Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-32006 Vulnerability Details CVEID:CVE-2023-32006 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of...
nodejs: Permissions policies can be bypassed via Module._load
A vulnerability was found in NodeJS. This security issue occurs as the use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...
nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()
A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...
CVE-2018-6103
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page...
CVE-2018-6103
Removed by vendor...
PT-2007-6410 · Apache +1 · Apache Tomcat +1
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.9 through 5.5.25 Apache Tomcat versions 6.0.0 through 6.0.15 Description: The default catalina.policy in the JULI logging component does not restrict certain permissions for web applications, allowing attackers to...