Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the TlsTransportPlugin. An attacker can gain unauthorized access by establishing a TLS connection without presenting a valid client certificate, as the system assigns an anonymous princip...
Improper Validation of Integrity Check Value
Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value via inadequate validation of the combined fingerprint during image downloads from simplestreams servers. An attacker can cause users to deploy malicious images by providing manipulated image file...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Server: Components Services component. A high privileged attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network...
EUVD-2023-49467
Malicious code in bioql PyPI...
EUVD-2022-41810
Malicious code in bioql PyPI...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using the os.MkdirAll function, which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation via a flaw in the certificate validation logic, which accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. An attacker can use this to...
GHSA-6QHV-4H7R-2G9M rfc3161-client has insufficient verification for timestamp response signatures
Impact rfc3161-client 1.0.2 and earlier contain a flaw in their timestamp response signature verification logic. In particular, it performs chain verification against the TSR's embedded certificates up to the trusted roots, but fails to verify the TSR's own signature against the timestamping leaf...
CVE-2021-27811
A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able to execute arbitrary PHP code via exploitation of clientupgradeedition.php and Upgrade.php...
CVE-2025-2886
CVE-2025-2886 describes a flaw in the Amazon tough (TUF) client: missing validation of terminating delegations causes the client to continue searching the delegation list after a terminating delegation, potentially fetching a target from an incorrect source and altering contents. Affected softwar...
CVE-2017-20112
A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been...
USN-6913-2 php-cas vulnerability
USN-6913-1 fixed CVE-2022-39369 for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacke...
CVE-2022-39333 Cross-site scripting (XSS) in Nextcloud Desktop Client
Nextcloud Desktop is the desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...
The vulnerability of the client_upgrade_edition.php and Upgrade.php components of the QibosoftX1 content management system, related to improper code generation, allows a hacker to execute arbitrary PHP code.
The vulnerability of the clientupgradeedition.php and Upgrade.php components of the QibosoftX1 content management system is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary PHP code...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
NetScaler Gateway 11.0 VPN Client and EPA Plug-in Does Not Work With Chrome Version 42 and Later
The Client and EPA Plug-ins don't work with the latest Chrome versions as support for NPAPI is disabled by default. The support will be deprecated entirely in Chrome version 45 in September 2015. From Chrome version 42, all NPAPI plugins will appear as if they are not installed. This will affect...
Debian DLA-724-1 : mcabber security update
It was discovered that there was a 'roster push attack' in mcabber, a console-based Jabber/XMPP client. For Debian 7 'Wheezy', this issue has been fixed in mcabber version 0.10.1-3+deb7u1. We recommend that you upgrade your mcabber packages...
Debian DSA-686-1 : gftp - missing input sanitising
Albert Puigsech Galicia discovered a directory traversal vulnerability in a proprietary FTP client (CAN-2004-1376) which is also present in gftp, a GTK+ FTP client. A malicious server could provide a specially crafted filename that could cause arbitrary files to be overwritten or created by the...
AOL Instant Messenger vulnerable to DoS via crafted WAV file
Overview AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim. Description AIM allows users to send audio files to one another. By sending a corrupt WAV-formatted file, an attacker can cause the...
Windows - Client, version 21H2 and later, Upgrade & Servicing Drivers
Windows - Client, version 21H2 and later, Upgrade & Servicing Drivers...