
152 matches found

RedhatCVE
added 2025/05/22 9:31 p.m., 3 views

CVE-2021-21368

msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map containing a key "__proto__", it assigns the decoded value to __proto__. Object.prototype.__proto__ is an access...

CVSS 8.8, AI score 7, EPSS 0.0133
Exploits 1, References 1
CNNVD
added 2025/03/28 12:0 a.m., 2 views

Streamsoft Prestiz Security Vulnerability

Streamsoft Prestiz is an ERP system for the plastics industry from Streamsoft. A security vulnerability exists in Streamsoft Prestiz that stems from the use of a custom password encoding algorithm, which could result in passwords being easily decoded...

CVSS 8.2, AI score 6.6, EPSS 0.00341
Exploits 0, References 2
OSV
added 2025/01/14 7:15 p.m., 4 views

AZL-55640 CVE-2024-50349 affecting package git for versions less than 2.40.4-1

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...

CVSS 4.7, AI score 7.3, EPSS 0.02784
Exploits 0, References 1
OSV
added 2025/01/14 7:15 p.m., 1 views

ALPINE-CVE-2024-50349

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...

CVSS 4.7, AI score 7, EPSS 0.02784
Exploits 0, References 1
OSV
added 2025/01/14 7:15 p.m., 1 views

DEBIAN-CVE-2024-50349

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...

CVSS 4.7, AI score 7.2, EPSS 0.02784
Exploits 0, References 1
OSV
added 2025/01/14 6:0 p.m., 1 views

UBUNTU-CVE-2024-50349

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...

CVSS 4.7, AI score 6.7, EPSS 0.02784
Exploits 0, References 6
NVD
added 2024/09/16 9:15 p.m., 7 views

CVE-2024-45414

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...

CVSS 9.8, EPSS 0.00341
Exploits 0, References 1
Vulnrichment
added 2024/08/14 1:49 p.m., 10 views

CVE-2024-7790 DevikaAI Stored Cross-Site Scripting

A stored cross-site scripting vulnerability exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input...

CVSS 6.5, AI score 6.3, EPSS 0.00052
Exploits 1, References 1
CVE
added 2024/08/14 1:49 p.m., 41 views

CVE-2024-7790

CVE-2024-7790 describes a stored cross-site scripting vulnerability in DevikaAI affecting input handling since commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2. The root cause cited is improperly decoded user input, enabling a stored XSS condition. The CVE entries and connected sources consistent...

CVSS 6.5, AI score 6.4, EPSS 0.00052
Exploits 1, References 1, Affected Software 1
CNNVD
added 2024/06/13 12:0 a.m., 1 views

Motorola Solutions Vigilant Fixed LPR Coms Box Security Vulnerability

Motorola Solutions Vigilant Fixed LPR Coms Box is a license plate recognition system from Motorola Solutions USA. A security vulnerability exists in Motorola Solutions Vigilant Fixed LPR Coms Box version 3.1.171.9 and earlier, which stems from insufficient protection of logs for storing...

CVSS 7, AI score 6.8, EPSS 0.00144
Exploits 0, References 2
NVD
added 2024/05/28 7:15 p.m., 8 views

CVE-2024-5434

The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were t...

CVSS 6.9, AI score 6.7, EPSS 0.00086
Exploits 0, References 1
CNNVD
added 2024/05/28 12:0 a.m., 2 views

Campbell Scientific CSI Web Server Security Vulnerability

Campbell Scientific CSI Web Server is a web server from Campbell Scientific. A security vulnerability exists in Campbell Scientific CSI Web Server version 1.6 and prior versions, which originates when the password for a file is stored in a weakly encoded format, which allows an attacker to decode...

CVSS 6.9, AI score 6.9, EPSS 0.00086
Exploits 0, References 2
Cvelist
added 2024/04/23 8:17 p.m., 12 views

CVE-2024-32662 FreeRDP rdp_redirection_read_base64_wchar out of bound read

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when WCHAR string is read with twice the size it has and converted to UTF-8, base64 decoded. The string is only used to compare against t...

CVSS 7.5, AI score 8.8, EPSS 0.00244
Exploits 0, References 7
ATTACKERKB
added 2024/02/13 12:0 a.m., 90 views

CVE-2024-22024

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication. Recent assessments: cbeek-r7 at February 09, 2024 3:26pm UT...

CVSS 8.3, AI score 7.1, EPSS 0.94249
In wild, Exploits 1, References 3
Hive Pro Threat Advisories
added 2023/11/10 6:59 a.m., 21 views

CVSS 4.0 Decoded: Understanding & Implementing Changes

What is CVSS? The Common Vulnerability Scoring System (CVSS) is a vendor-agnostic, industry-open standard owned and maintained by The Forum of Incident Response and Security Teams (FIRST). CVSS “provides a way to capture the principal characteristics of a vulnerability and produce a numerical score...

AI score 7.3
Exploits 0
Tenable Nessus
added 2023/10/23 12:0 a.m., 33 views

Ubuntu 16.04 ESM : Puppet vulnerabilities (USN-4804-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4804-1 advisory. It was discovered that Puppet installed modules with world writable permissions. An attacker could use this vulnerability to execute arbitrary code or...

CVSS 8.2, AI score 7.8, EPSS 0.01449
Exploits 0, References 3
Amazon
added 2023/10/05 12:0 a.m., 2 views

Important: squid

Issue Overview: An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decod...

CVSS 9.8, AI score 6.7, EPSS 0.06184
Exploits 0
Veracode
added 2023/08/10 9:58 a.m., 19 views

Cross-site Scripting (XSS)

critters is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to parsing documents from decoded entities within the HTML document, which can result in HTML escapes being undone, resulting in XSS...

CVSS 6.1, AI score 6.3, EPSS 0.00224
Exploits 0, References 3, Affected Software 1
SUSE CVE
added 2023/05/11 1:57 a.m., 2 views

SUSE CVE-2023-2617

A vulnerability classified as problematic was found in OpenCV wechatqrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decodedbitstreamparser.cpp. The manipulation leads to null pointer dereference. The...

CVSS 7.5, AI score 5.2, EPSS 0.00055
Exploits 0, References 3
OSV
added 2023/05/10 6:15 a.m., 1 views

DEBIAN-CVE-2023-2617

A vulnerability classified as problematic was found in OpenCV wechatqrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decodedbitstreamparser.cpp. The manipulation leads to null pointer dereference. The...

CVSS 7.5, AI score 4.8, EPSS 0.00055
Exploits 0, References 1