CVE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...
EUVD-2025-11411
Malicious code in bioql PyPI...
CVE-2022-20341
In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. This could lead to local information disclosure of tethering interfaces with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2025-27540
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and...
About the security content of Safari 18.4
About the security content of Safari 18.4 This document describes the security content of Safari 18.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
RHEL 9 : nodejs:20 (RHSA-2024:5815)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5815 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
Design/Logic Flaw
In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. This could lead to local information disclosure of tethering interfaces with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2022-20341
CVE-2022-20341 affects Android 13’s ConnectivityService, where a missing permission check enables a local bypass of network permissions. This could allow an information disclosure of tethering interfaces with no additional execution privileges required, and does not require user interaction. Expl...
PT-2022-14567 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a missing permission check in the ConnectivityService, which could allow bypassing of network permissions. This might lead to local information disclosure of...
Authorization Bypass
java is vulnerable to authorization bypass. The vulnerability exists as the privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current...
What I expect from IT Asset Inventory
The main problem of vulnerability management, in my opinion, is that it is not always clear whether we know about ALL network hosts existing in our infrastructure or not. So, not the actual process of scanning and the detection of vulnerabilities, but the lack of knowledge what we should scan...
Chuckle - An Automated SMB Relay Script
Chuckle is an automated SMB Relay Script. Chuckle requires a few tools to work: SMBRelayX.py Veil latest version from git Responder Chuckle will detect which version you are using. Nmap Nbtscan unixwiz MSFconsole Usage should be fairly simple, run as root or use sudo: sudo ./chuckle.sh Wait a...
RedHat Update for java-1.6.0-openjdk RHSA-2010:0768-01
Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test RedHat Update for java-1.6.0-openjdk RHSA-2010:0768-01 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
java security update
CentOS Errata and Security Advisory CESA-2010:0768 Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...
Microsoft Windows SMB Shares Access
The remote has one or more Windows shares that can be accessed through the network with the given credentials. Depending on the share rights, it may allow an attacker to read / write confidential data. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10396;...
nt.rsh.rcp.txt
Date: Thu, 8 Apr 1999 19:11:54 -0700 From: Eric Gisin To: [email protected] Subject: rsh/rcp is not secure This is really a UNIX rshd bug, but it affects users of the NT clients. It's old news that the BSD rsh/rcp services are not secure, however rshd is still enabled in many UN...