Denial Of Service (DoS)
ImageMagick is vulnerable to Denial of Service (DoS). A malicious user is able to pass a PNG image, causing the conversion process to wait for stdin input, resulting in a system hang...
Timing Attack
OpenSSL is vulnerable to a timing attack. The vulnerability exists in rsa/rsaossl.c because an attacker can recover ciphertext with a Bleichenbacher style attack by sending a large number of trial messages...
Malicious code in beautifulsuop4 (PyPI)
Source: checkmarx 283e16e22e631a7d08ec3203e5e9fa4e1adef652f915ff4b26fa499b8a2662fb Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Stored XSS in "DATA IMPORTS" module
Description: Improper data sanitization and validation in the "DATA IMPORTS" module allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted injected payload. Payload: In this PoC, I can inject into the "Address" and "City" fields when importing a new user by using the...
Google Android Kernel elevation of privilege vulnerability (CNVD-2023-12019)
Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in veritytarget in dm-verity-target.c of the Google Android Kernel, which stems from the program not properly checking for privileges. An attacker could exploit the vulnerabili...
MAL-2023-2379 Malicious code in websockeets (PyPI)
Source: checkmarx d3684f6102d0addfd584997b5be2ba86d46d0dcd16759fce4e5c5126d14d282b Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2145 Malicious code in rcyptocompare (PyPI)
Source: checkmarx 37093563a21210c8b55167f05fcf2d52a13425c2522a07c7356062c8a1c8ece9 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-1735 Malicious code in cryptofede (PyPI)
Source: checkmarx 54b0e74ce1e816a0852f9efb63ad3e0373bd650cb954c01448aed77e013f518e Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
IBM WebSphere Application Server Code Injection Vulnerability
IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A code injection vulnerability exists in IBM WebSphere...
IBM Sterling External Authentication Server Encryption Issue Vulnerability
IBM Sterling External Authentication Server is a client application from International Business Machines (IBM) that enables extended authentication and verification services for IBM products. A cryptographic issue vulnerability exists in IBM Sterling External Authentication Server version 6.1.0, IB...
CVE-2022-4304
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...
Composer Repository Credentials Disclosure
Composer is a tool used for dependency management in PHP. It allows developers to declare the libraries their web application depends on and to manage it for them. PHP packages can be hosted on a private Composer repository, requiring authentication in order to interact with it. When exposed,...
Modoboa Cross-Site Scripting Vulnerability
Modoboa is an email hosting and management platform for individual developers. A cross-site scripting vulnerability exists in modoboa versions prior to 2.0.4. An attacker can exploit this vulnerability to perform cross-site scripting attacks...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2023:0311-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0311-1 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be...
GHSA-XHJQ-W7XM-P8QJ golang.org/x/crypto/ssh Man-in-the-Middle attack
The Go SSH library golang.org/x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks if ClientConfig.HostKeyCallback is not set. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism...
CVE-2022-47413
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition...
Design/Logic Flaw
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. Chromium security severity: High...
CVE-2022-40691
An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability...
RUSTSEC-2023-0007 Timing Oracle in RSA Decryption
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...