Lucene search

27 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-36337

Malicious code in bioql PyPI...

6.1 CVSS, 6.6 AI score, 0.00254 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 6:50 p.m., 8 views

CVE-2021-43412

An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access...

7.8 CVSS, 7 AI score, 0.00349 EPSS
Exploits: 1
RedhatCVE
added 2025/02/14 4:41 a.m., 5 views

CVE-2024-36384

Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is related to notification messages...

6.1 CVSS, 6 AI score, 0.00254 EPSS
Exploits: 0, References: 3
NVD
added 2024/05/27 4:15 a.m., 8 views

CVE-2024-36384

Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is related to notification messages...

6.1 CVSS, 5.9 AI score, 0.00254 EPSS
Exploits: 0, References: 1
CVE
added 2024/05/27 4:7 a.m., 71 views

CVE-2024-36384

CVE-2024-36384 affects Pointsharp Cryptshare Server prior to 7.0.0. The issue is an XSS in notification messages (root cause not explicitly detailed in the documents). Impact is described as a cross-site scripting vulnerability with a CVSS v3.1 base score of 6.1 (Medium), network access, user int...

6.1 CVSS, 6 AI score, 0.00254 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/05/27 4:7 a.m., 15 views

CVE-2024-36384

Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is related to notification messages...

5.9 AI score, 0.00254 EPSS
Exploits: 0, References: 1
CVE
added 2021/11/07 5:7 p.m., 43 views

CVE-2021-43412

CVE-2021-43412 affects GNU Hurd before 0.9 (20210404-9). The issue resides in libports, which accepts fake notification messages from any client on any port, enabling a use-after-free in port handling and leading to local privilege escalation to full root access. Connections across sources (Red H...

7.8 CVSS, 7.6 AI score, 0.00349 EPSS
Exploits: 1, References: 2, Affected Software: 1
Github Security Blog
added 2021/05/10 3:36 p.m., 39 views

Command Injection in @theia/messages

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

6.1 CVSS, 2.1 AI score, 0.00776 EPSS
Exploits: 1, References: 5, Affected Software: 1
CNVD
added 2021/03/19 12:0 a.m., 7 views

Eclipse Theia Injection Vulnerability

Eclipse Theia is the Eclipse Foundation's Visual Studio Code-based open source framework for building integrated development environments for desktop and web applications. An injection vulnerability exists in Eclipse Theia 0.16.0 and earlier versions, which stems from the absence of HTML escaping in...

6.1 CVSS, 7 AI score, 0.00776 EPSS
Exploits: 1, References: 1
OSV
added 2021/03/12 10:15 p.m., 9 views

CVE-2021-28162

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

6.1 CVSS, 6.8 AI score
Exploits: 0, References: 1
Prion
added 2021/03/12 10:15 p.m., 12 views

Design/Logic Flaw

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

4.3 CVSS, 6.2 AI score, 0.00776 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2021/03/12 9:40 p.m., 71 views

CVE-2021-28162

The vulnerability CVE-2021-28162 affects Eclipse Theia

6.1 CVSS, 6.2 AI score, 0.00776 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/03/12 9:40 p.m., 14 views

CVE-2021-28162

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

6.4 AI score, 0.00776 EPSS
Exploits: 1, References: 1
CNNVD
added 2021/03/12 12:0 a.m., 1 view

Eclipse Theia Injection Vulnerability

Eclipse Theia is the Eclipse Foundation's Visual Studio Code-based open source framework for building integrated development environments for desktop and web applications. An injection vulnerability exists in Eclipse Theia 0.16.0 and earlier versions, which stems from the absence of HTML escaping in...

6.1 CVSS, 5.7 AI score, 0.00776 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2020/06/02 12:0 a.m., 45 views

Juniper Junos RCE (JSA10871)

According to the self-reported version of Junos OS on the remote device, it is affected by a remote code execution vulnerability in the routing protocol daemon (RPD). An unauthenticated, remote attacker can exploit this, via crafted BGP NOTIFICATION messages, to crash the RPD process and potentially...

9.8 CVSS, 9.2 AI score, 0.03769 EPSS
Exploits: 0, References: 2
FreeBSD
added 2020/02/24 12:0 a.m., 22 views

sympa -- Denial of service caused by malformed CSRF token

Javier Moreno discovered a vulnerability in the Sympa web interface that can cause a denial of service (DoS) attack. By submitting requests with malformed parameters, this flaw allows an attacker to create junk files in Sympa's directory for temporary files. And particularly by tampering with the token used to prevent CSRF, it...

7.5 CVSS, 5.4 AI score, 0.02843 EPSS
Exploits: 0, References: 1
ThreatPost
added 2020/02/05 4:50 p.m., 80 views

WhatsApp Bug Allows Malicious Code-Injection, One-Click RCE

Security researchers have identified a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware campaigns through notification messages that appear completely normal to unsuspecting users. And, further investigation shows...

5.8 CVSS, 7.7 AI score, 0.67859 EPSS
Exploits: 5, References: 12
OpenVAS
added 2020/01/23 12:0 a.m., 26 views

Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2018-1371)

The remote host is missing an update for the Huawei EulerOS...

7.8 CVSS, 6.6 AI score, 0.01085 EPSS
Exploits: 4, References: 2
Tenable Nessus
added 2019/04/09 12:0 a.m., 29 views

EulerOS Virtualization 2.5.4 : systemd (EulerOS-SA-2019-1217)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd...

7.8 CVSS, 6 AI score, 0.01085 EPSS
Exploits: 4, References: 3
OSV
added 2016/11/17 4:37 p.m., 5 views

MGASA-2016-0380 Updated systemd packages fix security vulnerability

Andrew Ayer discovered that systemd improperly handled zero-length notification messages. A local unprivileged attacker could use this to cause a denial of service (init crash leading to system unavailability) (CVE-2016-7795)...

5.5 CVSS, 5.2 AI score, 0.00633 EPSS
Exploits: 1, References: 3