93 matches found
EUVD-2015-6955
Malware in sbrugna...
EUVD-2011-0185
Malware in sbrugna...
EUVD-2023-33820
Malicious code in bioql PyPI...
CVE-2023-2971
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...
CVE-2023-2971
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...
Path traversal
Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies tex...
CVE-2023-2971 Typora Local File Disclosure
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...
CVE-2023-2971 Typora Local File Disclosure
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...
CVE-2016-7581
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted URL...
Code injection
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses...
CVE-2016-2830
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses...
CVE-2016-2830
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses...
Design/Logic Flaw
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to 1 api/openUrlInDefaultBrowser or 2 api/showSB...
CVE-2016-3987
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to 1 api/openUrlInDefaultBrowser or 2 api/showSB...
CVE-2016-1772
The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors...
Design/Logic Flaw
The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors...
CVE-2016-1781
CVE-2016-1781 affects Apple WebKit in iOS before 9.3 and Safari before 9.1, where handling of attachment URLs could enable remote tracking of users via unspecified vectors. The Apple security content for Safari 9.1 (WebKit entry) indicates a concrete mitigation: a hidden web page may access devic...
CVE-2016-1772
The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors...
Code injection
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors...
Cross site scripting
The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets CSS implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows...