15 matches found
EUVD-2019-11529
Malware in sbrugna...
CVE-2019-25089
A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version...
Muon Security Feature Issue Vulnerability
Muon is a minimalist private self-destructing file-hosting web server written in Clojure. A security signature issue vulnerability exists in Muon version 0.1.1. An attacker could exploit this vulnerability to cause a random value insufficiency...
CVE-2019-25089
A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version...
CVE-2019-25089
A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version...
Design/Logic Flaw
A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version...
CVE-2019-25089 Morgawr Muon handler.clj random values
A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version...
CVE-2019-25089 Morgawr Muon handler.clj random values
A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version...
CVE-2019-25089
CVE-2019-25089 affects Morgawr Muon 0.1.1. The vulnerability lies in an unknown functionality within src/muon/handler.clj that leads to insufficiently random values. Exploitation is described as remote. Remediation is available by upgrading to version 0.2.0-indev; the associated patch is c09ed972...
PT-2022-8301 · Unknown · Morgawr Muon
Name of the Vulnerable Software and Affected Versions: Morgawr Muon version 0.1.1 Description: A vulnerability has been found in Morgawr Muon, classified as problematic. It affects an unknown functionality of the file src/muon/handler.clj, leading to insufficiently random values. The attack can b...
Muon 安全特征问题漏洞
Muon is a minimalist private self-destructing file-hosting web server written in Clojure. A security signature issue vulnerability exists in Muon version 0.1.1. An attacker could exploit this vulnerability to cause a random value insufficiency...
Brave Software: `chrome://brave` available for navigation in Release build [-> RCE] + navigation to `chrome://*` using tab_helper ["Open in new tab"]
Summary: chrome://brave is available for navigation Navigation to chrome://brave + requires local file at . The file loaded in this context has access to private Muon APIs such as chrome.ipcRenderer/remote/webFrame/webViewRequest. Muon API allows executing code on the device. e.g. with...
Brave Software: Local files reading from the web using `brave://`
Summary: brave:// protocol was introduced as a replacement for AsarProtocolHandleror something like that in brave/muon after 375329. However, fix for 375329 introduced a new much severe bug that allows reading files from a user's device from the web. PoC is similar to 375329, but it uses brave://...
Brave Software: `settingcontent-ms` files lacks "mark of the web" => execute code by dbl click in Downloads toolbar
Summary: settingcontent-ms files allow launching any binary with any params. Brave doesn't mark settingcontent-ms files with "mark of the web", so the file could be executed by double click in "Downloads" toolbar. Launched settingcontent-ms file could lead to code execution with user-level...
Brave Software: Local files reading using `link[rel="import"]`
Summary: HTML file could import another file using . Brave returns Access-Control-Allow-Origin: response header for local HTML files. That leads to local files reading. This vulnerability makes 369218 critical. Products affected: Brave: 0.23.19 V8: 6.7.288.46 rev:...