11191 matches found
node-request-retry information disclosure vulnerability
node-request-retry automatically retries a request when the connection fails with one of ECONNRESET, ENOTFOUND, ESOCKETTIMEDOUT, ETIMEDOUT, ECONNREFUSED, EHOSTUNREACH, EPIPE or EAIAGAIN, or when an HTTP 5xx or 429 error occurs, as these are...
Istio authorization issue vulnerability
Istio is an open platform for connecting, managing and securing microservices. Istio suffers from an authorization issue vulnerability that stems from the Istio control plane "istiod" being susceptible to request processing errors in the affected version. An attacker could use this vulnerability ...
The vulnerability of the Mozilla Firefox browser, related to errors in processing HTML content, allows a hacker to execute arbitrary code.
The vulnerability of the Mozilla Firefox browser is related to errors in processing HTML content. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page...
The vulnerability of the firmware web application of D-Link DIR-X1860 Wi-Fi routers allows an intruder to trigger a service failure.
The vulnerability of the web-based application of D-Link DIR-X1860 wireless routers is related to resource release errors. Exploiting this vulnerability allows a malicious actor to cause service failures through a specially created web page...
The vulnerability of the universal monitoring system Zabbix, related to authentication errors, allows an intruder to execute arbitrary code with root privileges.
The vulnerability of the Zabbix universal monitoring system is related to authentication errors. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root privileges...
ROS-20220217-01
A vulnerability in the MariaDB database management system, related to a format string error in the implementation of the CONNECT function. Exploitation of the vulnerability could allow a remote attacker to send a specially crafted SQL query containing format string specifiers and execute...
Business Logic Errors
microweber/microweber is vulnerable to business logic errors. Lack of secure validation of sessionid for usermanager in the function removeitem causes business logic errors...
CVE-2022-0688
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0688
CVE-2022-0688 affects microweber/microweber prior to 1.2.11. The Red Hat OSV/GHSA entries and related records describe a business logic / insecure direct object reference issue in Microweber that can enable a malicious actor to manipulate cart contents (e.g., removing items) without proper authori...
CVE-2022-0688 Business Logic Errors in microweber/microweber
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11...
GHSA-3P9J-442X-HJP7 Business Logic Errors in microweber
microweber prior to 1.2.11 allows multiple uses of a single-use coupon...
CVE-2021-20322
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest...
Design/Logic Flaw
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest...
CVE-2021-20322
CVE-2021-20322 relates to a Linux kernel ICMP handling flaw (ICMP fragment needed/redirect) that lets an off-path attacker quickly discover UDP port usage, bypassing UDP source port randomization. The connected advisories confirm this affects the Linux kernel and multiple distributions and mentio...
The vulnerability of the Service Worker API in browsers such as Google Chrome and Microsoft Edge allows a malicious actor to execute arbitrary code.
The vulnerability of the Service Worker API in browsers such as Google Chrome and Microsoft Edge is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of Microsoft Windows Defender operating systems allows a hacker to bypass security restrictions.
The vulnerability of Microsoft Windows Defender operating systems is related to security configuration errors. Exploiting this vulnerability can allow attackers to circumvent security restrictions...
The vulnerability of the Resilient File System (ReFS) in Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Resilient File System ReFS in Windows operating systems is related to errors in code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...