28 matches found
webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Impact When webpack-dev-server is running on a non-HTTPS origin the default, cross-origin requests from malicious websites can load the dev server's JavaScript bundles via tags. The fix introduced in v5.2.1 CVE-2025-30359 relied on Sec-Fetch-Mode and Sec-Fetch-Site request headers to block these...
EUVD-2018-5228
Malware in sbrugna...
EUVD-2022-35844
Malicious code in bioql PyPI...
Synology DiskStation Manager Use of Insufficiently Random Values (CVE-2018-13280)
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non- HTTPS sessions via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
UBUNTU-CVE-2023-5173
In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic possibly under influence of a local unprivileged webpage, leading to an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference allowin...
CVE-2023-5173
In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic possibly under influence of a local unprivileged webpage, leading to an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference allowin...
CVE-2023-5173
In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic possibly under influence of a local unprivileged webpage, leading to an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference allowin...
CVE-2022-32777
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...
CVE-2022-32778
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...
Information disclosure
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...
CVE-2022-32778
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...
CVE-2022-32778
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...
PT-2022-21459 · Wwbn · Wwbn Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: An information disclosure issue exists in the cookie functionality. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses th...
SimpleSAMLphp Unauthenticated encryption in CBC mode
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
GHSA-44PR-MGCP-V36R SimpleSAMLphp Unauthenticated encryption in CBC mode
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
CVE-2018-13280
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors...
CVE-2018-13280
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors...
Design/Logic Flaw
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors...
CVE-2018-13280
CVE-2018-13280 affects Synology DiskStation Manager (DSM) prior to version 6.2-23739. The root cause is the use of insufficiently random values in SYNO.Encryption.GenRandomKey, which can allow remote attackers to perform a man-in-the-middle attack on non-HTTPS sessions. Practical impact stated is...
CVE-2018-13280
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors...