132 matches found
Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion
Vulnerability Disclosure: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion. Summary: The Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the `withXSRFToken` config property. Whe...
EUVD-2017-8694
Malware in sbrugna...
EUVD-2017-8672
Malware in sbrugna...
EUVD-2017-8674
Malware in sbrugna...
EUVD-2017-8683
Malware in sbrugna...
PT-2025-39318
Name of the Vulnerable Software and Affected Versions: counterpart versions prior to 0.18.6. Description: A flaw exists in the 'counterpart' library for Node.js and the browser because of inadequate sanitization of user-controlled input during translation key processing. Insufficient validation of...
color-convert security vulnerability
color-convert is a JavaScript color conversion library by individual developer Josh Junon. A security vulnerability exists in color-convert version 3.1.1, which stems from malicious code implanted after a phishing attack on an account, and could lead to the redirection of cryptocurrency...
Linux Distros Unpatched Vulnerability : CVE-2017-17525
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which...
Linux Distros Unpatched Vulnerability : CVE-2017-17535
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow...
Linux Distros Unpatched Vulnerability : CVE-2017-17520
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tools/urlhandler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...
Linux Distros Unpatched Vulnerability : CVE-2018-10992
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows...
Linux Distros Unpatched Vulnerability : CVE-2017-17529
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - af/util/xp/utgofile.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might all...
Linux Distros Unpatched Vulnerability : CVE-2017-17515
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...
Linux Distros Unpatched Vulnerability : CVE-2017-17511
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to...
Linux Distros Unpatched Vulnerability : CVE-2017-17517
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow...
Linux Distros Unpatched Vulnerability : CVE-2017-17514
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers t...
Linux Distros Unpatched Vulnerability : CVE-2017-17528
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, whi...
Linux Distros Unpatched Vulnerability : CVE-2017-17531
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...
Linux Distros Unpatched Vulnerability : CVE-2017-17519
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batteriesConfig.mlp in OCaml Batteries Included aka ocaml-batteries 2.6 does not validate strings before launching the program specified by the BROWSER...
Linux Distros Unpatched Vulnerability : CVE-2017-17530
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...