9 matches found
EUVD-2005-4600
Malware in sbrugna...
EUVD-2023-43120
Malicious code in bioql PyPI...
CVE-2022-48306 Gotham Chat IRC help does not validate hostnames in TLS certificates
Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept...
CVE-2022-44562
The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks...
Mozilla Firefox Security Advisories (MFSA2019-12, MFSA2019-14) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
The vulnerability of Google Chrome’s browser allows a hacker to determine which website was visited using an HSTS connection.
The vulnerability of the CSPSource::schemeMatches function in the WebKit/Source/core/frame/csp/CSPSource.cpp file of the Content Security Policy implementation in the Blink component of the Google Chrome browser is related to the lack of application of http policies for https addresses and ws...
Memory corruption
Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted RTF data, aka "RTF Mismatch Vulnerability."...
Code injection
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service incorrect memory access or possibly have unspecified other impact via unknown vectors...