3 matches found
Improperly Implemented Security Check for Standard
Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper verification of UE Security Capabilities in the PathSwitchRequest messages. An attacker can alter stored security capabilities for any user equipment by sending a crafte...
Code Injection
Overview snyk-php-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for PHP projects. Affected versions of this package are vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted projec...
CVE-2024-43798 Chisel AUTH environment variable not respected in server entrypoint
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...