14 matches found
EUVD-2000-0712
Malware in sbrugna...
EUVD-2021-10764
Malware in sbrugna...
EUVD-2005-0866
Malware in sbrugna...
EUVD-2015-1911
Malware in sbrugna...
EUVD-2021-9108
Malicious code in bioql PyPI...
EUVD-2022-50981
Malicious code in bioql PyPI...
TencentOS Server 3: resource-agents (TSSA-2024:0387)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0387 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2011-3624
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers...
GHSA-3F65-M234-9MXR github.com/huandu/facebook may expose access_token in error message.
Summary accesstoken can be exposed in error message on fail in HTTP request. Details Using this module, when HTTP request fails, error message can contain accesstoken. This can be happen when: - module is sending HTTP request with query parameter ?accesstoken=.... - and HTTP request fails errors...
CVE-2024-22234
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...
CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...
CVE-2024-22234
CVE-2024-22234 (Spring Security) Affected: Spring Security 6.1.x prior to 6.1.7 and 6.2.x prior to 6.2.2.Vulnerability: Broken access control when an application directly calls AuthenticationTrustResolver.isFullyAuthenticated(Authentication) with a null parameter, which can erroneously return tru...
MGASA-2021-0172 Updated ruby-em-http-request packages fix security vulnerability
Updated ruby-em-http-request packages fix security vulnerability: A flaw was found in rubygem-em-http-request. The eventmachine library does not verify the hostname in a TLS server certificate which can allow an attacker to perform a man-in-the-middle attack. The highest threat from this...
FacilCMS <= 0.1RC2 Multiple Vulnerabilities - Active Check
FacilCMS is prone to multiple SQL injection SQLi and information disclosure vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...