2155 matches found
Updated dojo packages fix security vulnerability
Updated dojo package fixes security vulnerabilities: In affected versions of dojo, the deepCopy method is vulnerable to prototype Pollution. An attacker could manipulate these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other valu...
Pichi Trust Management Issues Vulnerabilities
Pichi is a rule-based proxy software. A security vulnerability in the boost ASIO wrapper in the net/asio.cpp file in versions prior to Pichi 1.3.0 stems from the program's failure to check for TLS hostnames. No details of the vulnerability are provided at this time...
CVE-2020-13616
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification...
CVE-2020-13616
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification...
Design/Logic Flaw
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification...
CVE-2020-13616
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification...
proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...
proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...
Updated matio packages fix security vulnerability
Updated matio packages fix a security vulnerability: Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvarstruct.c CVE-2019-13107. The matio package has been updated to version 1.5.16 to fix this issue. Also: - The scilab package has been...
proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...
Node.js third-party modules: [vboxmanage.js] Command Injection via insecure command concatenation
I would like to report a Command Injection issue in the vboxmanage.js module. It allows to execute arbitrary commands on the victim's PC. Module module name: vboxmanage.js version: 1.0.6 npm page: https://www.npmjs.com/package/vboxmanage.js Module Description A wrapper for VirtualBox CLI with...
Node.js third-party modules: [wireguard-wrapper] Command Injection via insecure command concatenation
I would like to report a Command Injection issue in the wireguard-wrapper module. It allows to execute arbitrary commands on the victim's PC. Module module name: wireguard-wrapper version: 1.0.2 npm page: https://www.npmjs.com/package/wireguard-wrapper Module Description This project is a nodejs...
PowerShell-Suite
This is an exploit module/toolkit targeting Windows UAC User Account Control bypass. The module, named "Bypass-UAC," provides a framework for performing UAC bypasses based on auto-elevating IFileOperation COM object method calls. It implements a function that rewrites PowerShell's PEB Process...
Denial Of Service (DoS)
php is vulnerable to denial of service DoS. The vulnerability exists as a bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL...
proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...
Design/Logic Flaw
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources aka SSRF or leak files from the local system using the...
proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...
proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...
proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...
Manage Origin Offload and Egress Fees for Live and On-Demand
Origin offload has received more attention in the past few years as more customers have moved their origins to the cloud. As such, the cost to access data has become an important issue. To support this move, Akamai has developed Cloud Wrapper to provide customers with a way to securely connect to...