12 matches found
EUVD-2025-34679
go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents...
EUVD-2012-3519
Malware in sbrugna...
EUVD-2023-28074
Malicious code in bioql PyPI...
CVE-2023-24011
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
CVE-2023-24012
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
CVE-2023-24012 Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Open DDS
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
CVE-2023-24012
CVE-2023-24012 describes a vulnerability in the Data Distribution Service (DDS) chain of trust where an attacker can craft malicious DDS Participants or ROS 2 Nodes with valid certificates to take full control of a secure DDS databus. The root cause is a non-compliant implementation of permission...
CVE-2023-24011 Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Cyclone DDS
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
Design/Logic Flaw
Open Source Competency Center OSCC MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document...
CVE-2012-3572
The CVE-2012-3572 entry concerns OSCC MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, where uploaded documents are not properly verified. This allows remote authenticated users to execute arbitrary PHP code via a crafted document, indicating a remote code execution vulnerability in the docume...
PGP 5.x/6.x/7.0 - ASCII Armor Parser Arbitrary File Creation
source: https://www.securityfocus.com/bid/2556/info ASCII Armor is a text based encoding format used by PGP Pretty Good Privacy. While it is possible to encode any file using ASCII Armor, it is used by PGP to encode signature files and public keys to facilitate transmission in e-mail messages. Wh...
Проблемы с SSL-сертификатами в IE
SSL-сертификат проверяется только при первом соединении с сервером, при этом для документов полученных через IMG и FRAME не проверяется дата устаревания сертификата и имя сервера...