180 matches found
EUVD-2021-8130
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-5092
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform ...
CVE-2022-37164
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...
CVE-2021-20715
Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...
VulnCheck KEV: CVE-2013-2912
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepperinprocessrouter.cc in the Pepper Plug-in API PPAPI in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other...
pepperfashion.gr Improper Access Control vulnerability OBB-3835419
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE CVE-2013-2912
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepperinprocessrouter.cc in the Pepper Plug-in API PPAPI in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...
SUSE CVE-2013-6666
The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepperflashrendererhost.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing CORS simple headers before proceeding with a PPBFlash.Navigate operation, which might allow remot...
SUSE CVE-2014-7906
Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's...
SUSE CVE-2016-1631
The PPBFlashMessageLoopImpl::InternalRun function in content/renderer/pepper/ppbflashmessageloopimpl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
SUSE CVE-2020-16014
Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
CVE-2022-37163
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...
CVE-2022-37163
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...
PT-2022-23852 · Inoda · Inoda Ontrack
Name of the Vulnerable Software and Affected Versions: Inoda OnTrack version 3.4 Description: The issue is related to a weak password policy, allowing potential unauthorized access via brute-force attacks. User passwords are hashed without a salt or pepper, making it easier for tools like hashcat...
CVE-2021-20715
Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...
CVE-2021-20715
Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...
Improper access control
Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...
CVE-2021-20715
CVE-2021-20715 concerns an improper access control (CWE-284) in Hot Pepper Gourmet App for Android (v4.111.0 and earlier) and iOS (v4.111.0 and earlier). A remote attacker can cause a user to visit an arbitrary website via the vulnerable app, enabling phishing-like exposure. Mitigation: update to...
CVE-2021-20715
Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...
JVN#97434260: Hot Pepper Gourmet App fails to restrict access permissions
Hot Pepper Gourmet App provided by Recruit Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute access...