81 matches found
EUVD-2021-2069
Malware in sbrugna...
EUVD-2018-4242
Malware in sbrugna...
EUVD-2015-1370
Malware in sbrugna...
EUVD-2013-0610
Malware in sbrugna...
EUVD-2013-2812
Malware in sbrugna...
EUVD-2013-2449
Malware in sbrugna...
EUVD-2023-3224
Malicious code in bioql PyPI...
EUVD-2025-29112
Malicious code in bioql PyPI...
CVE-2023-46906
juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...
CVE-2021-38384
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...
Insertion Of Sensitive Information Into Log File
github.com/elastic/beats is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is caused due to logging the raw event object in the WARN and ERROR level if the ingesting failed with any 4XX HTTP status code except 409 or 209. This can lead to insertion of sensitive ...
GHSA-93P6-9CXV-5RPQ juzawebCMS Incorrect Access Control vulnerability
juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...
CVE-2023-46906
juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...
CVE-2023-46906
juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...
Improper access control
juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...
CVE-2023-46906
juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...
Default credentials
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...
SUSE CVE-2018-19115
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extractstatuscode in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap...
CVE-2019-19030
Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...
Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)
Impact Sean Wright from Secureworks has discovered an enumeration vulnerability. An attacker can make use of the Harbor API to make unauthenticated calls to the Harbor instance. Based on the HTTP status code in the response, an attacker is then able to work out which resources exist, and which do...