Lucene search
K

79 matches found

CNNVD
CNNVD
added 2024/03/21 12:0 a.m.6 views

Deno 安全漏洞

Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. A security vulnerability exists in Deno versions 1.35.1 through 1.36.3, which stems from a Node.js compatibility issue that reuses the global buffer in streamwrap.ts...

8.3CVSS6.6AI score0.00722EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/03/06 9:2 p.m.12 views

CVE-2024-27935 Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...

7.2CVSS7.2AI score0.00722EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/03/06 9:2 p.m.49 views

CVE-2024-27935 Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...

7.2CVSS7.4AI score0.00722EPSS
Exploits1References3
OSV
OSV
added 2024/03/05 8:49 p.m.18 views

GHSA-WRQV-PF6J-MQJP Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination

Summary A vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer BUF in streamwrap.ts used as a performance...

7.2CVSS7.8AI score0.00722EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/03/05 8:49 p.m.30 views

Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination

Summary A vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer BUF in streamwrap.ts used as a performance...

8.3CVSS7.1AI score0.00722EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/05 12:0 a.m.4 views

PT-2024-22149 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions 1.35.1 through 1.36.2 Description: A vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. Th...

8.3CVSS7.6AI score0.00722EPSS
Exploits1References8
OpenVAS
OpenVAS
added 2023/07/12 12:0 a.m.21 views

.NET Core Multiple Vulnerabilities (KB5028705, KB5028706) - Windows

.NET Core prone to security feature bypass and elevation of privilege vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.1CVSS8.3AI score0.01976EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/07/11 10:45 p.m.49 views

Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...

8.1CVSS8.3AI score0.01976EPSS
Exploits0References5Affected Software3
Snyk
Snyk
added 2023/07/11 12:0 a.m.3 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. A vulnerability exists in .NET applications where the diagnostic server can be exploited to achieve cross-session/cross-user elevation of privilege EoP and code execution. Remediation Upgrade...

8.1CVSS7.9AI score0.01976EPSS
Exploits0References2
Snyk
Snyk
added 2023/07/11 12:0 a.m.7 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. A vulnerability exists in .NET applications where the diagnostic server can be exploited to achieve cross-session/cross-user elevation of privilege EoP and code execution. Remediation Upgrade...

8.1CVSS7.9AI score0.01976EPSS
Exploits0References2
OSV
OSV
added 2023/06/02 5:15 p.m.3 views

CVE-2023-23600

Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions. This bug only affects Firefox for Android. Other...

6.5CVSS7AI score
Exploits0References2
NVD
NVD
added 2023/06/02 5:15 p.m.19 views

CVE-2023-23600

Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions. This bug only affects Firefox for Android. Other...

6.5CVSS5.8AI score0.00493EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.4 views

keycloak: Session takeover with OIDC offline refreshtokens

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

6.8CVSS6.3AI score0.00952EPSS
Exploits0References4
OSV
OSV
added 2020/04/16 7:15 p.m.8 views

UBUNTU-CVE-2020-11825

In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation...

8.8CVSS5.8AI score0.00986EPSS
Exploits1References3
OSV
OSV
added 2018/06/11 9:29 p.m.6 views

UBUNTU-CVE-2017-7843

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not...

7.5CVSS6.8AI score0.02989EPSS
Exploits1References2
OSV
OSV
added 2018/03/07 10:29 p.m.2 views

CVE-2018-7675

In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If...

5.3CVSS5.8AI score0.00549EPSS
Exploits0References1
OSV
OSV
added 2014/04/14 12:0 a.m.3 views

UBUNTU-CVE-2010-5298

Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and parsing error via an SSL connection in a multithreaded environment...

4CVSS7.1AI score0.34132EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2014/02/05 12:0 a.m.37 views

Oracle Secure Global Desktop Multiple Vulnerabilities (January 2014 CPU)

The remote host has a version of Oracle Secure Global Desktop installed that is affected by multiple vulnerabilities : - Specially crafted requests sent with chunked transfer encoding could allow a remote attacker to perform a 'limited' denial of service attack on the Tomcat server. CVE-2012-3544...

6.8CVSS8AI score0.11001EPSS
Exploits5References6
PyPA
PyPA
added 2008/01/16 11:0 p.m.7 views

PYSEC-2008-8

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool...

4.3CVSS6.6AI score0.0162EPSS
Exploits1References13Affected Software1
Rows per page
Query Builder