
7 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-17837

Malware in sbrugna...

CVSS 8.8 | AI score 9.1 | EPSS 0.0052
Exploits: 0 | References: 8
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-41188

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.6 | EPSS 0.00235
Exploits: 0 | References: 2
RedHat Linux
added 2024/02/26 1:41 a.m. | 3 views

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

CVSS 6.1 | AI score 7.3 | EPSS 0.00291
Exploits: 1 | References: 6
OSV
added 2023/06/30 6:15 p.m. | 0 views

UBUNTU-CVE-2023-37360

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL, which may be realistic within enterprise security products...

CVSS 6.1 | AI score 5.8 | EPSS 0.00064
Exploits: 1 | References: 3
CNNVD
added 2023/05/10 12:0 a.m. | 3 views

in-toto security vulnerability

in-toto is an open source framework for protecting the integrity of the software supply chain. A security vulnerability exists in in-toto 1.4.0 and earlier versions that stems from the presence of a hidden file .intotorc in the run directory that allows an attacker to mask their activitie...

CVSS 5.5 | AI score 5.6 | EPSS 0.00071
Exploits: 0 | References: 5
OSV
added 2020/07/09 3:15 p.m. | 2 views

CVE-2020-12412

By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain with the https:// scheme, a blocked port number such as '1', and without a lock icon while controlling the page contents. This vulnerability affects Firefox 70...

CVSS 4.3 | AI score 6.7
Exploits: 0 | References: 2
RedHat Linux
added 2006/08/02 10:8 a.m. | 3 views

tiffsplit buffer overflow

Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line...

CVSS 7.5 | AI score 7.9 | EPSS 0.15208
Exploits: 0 | References: 4