25 matches found
EUVD-2023-28952
Malicious code in bioql PyPI...
EUVD-2023-2137
Malicious code in bioql PyPI...
Microsoft Windows Resource Management Error Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows suffers from a Resource Management Error vulnerability that arises from the system not properly restricting the use of resources, which can be exploited by an attacke...
PT-2025-1292
Name of the Vulnerable Software and Affected Versions: Microsoft Office OneNote (affected versions not specified). Description: The issue is related to incorrect restriction of file names and other resources in Microsoft Office OneNote. This can allow an attacker to execute arbitrary code...
Are HTTP Content-Security-Policy (CSP) Headers Sufficient to Secure Your Client Side?
Modern web frameworks have shifted business logic from the server side to the client side web browser, enhancing performance, flexibility, and user experience. However, this move introduces security and privacy concerns, as exposing sensitive logic and data can lead to vulnerabilities like code...
GHSA-3Q5P-3558-364F Fiber unauthorized access vulnerability in `ctx.IsFromLocal()`
Impact: This vulnerability can be categorized as a security misconfiguration. It impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. In its...
CVE-2023-39533
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1, a malicious peer can use large RSA keys to run a resource exhaustion attack and force a node to spend time doing signature verification of the large key. This vulnerability is present in th...
Open redirect
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on open-feature-operator-controller-manager to escalate the privileges o...
PT-2023-15970 · Unknown · Lirantal/Daloradius
Name of the Vulnerable Software and Affected Versions: lirantal/daloradius versions prior to master-branch Description: The issue is related to improper restriction of names for files and other resources. This affects the GitHub repository lirantal/daloradius. Recommendations: For versions prior ...
CVE-2022-25178
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...
Delta Electronics ISPSoft Resource Management Error Vulnerability
Delta Electronics ISPSoft is a set of PLC (Programmable Logic Controller) programming software from Delta Electronics, Taiwan, China. An Access Control Error vulnerability exists in Delta Electronics ISPSoft v3.12 and prior, which arises when a networked system or product does not properly...
CVE-2020-16241
Philips SureSigns VS4, A.07.107 and prior does not restrict or incorrectly restricts access to a resource from an unauthorized actor...
CVE-2019-4338
IBM Security Guardium Big Data Intelligence 4.0 SonarG does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417...
Design/Logic Flaw
IBM Security Guardium Big Data Intelligence 4.0 SonarG does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417...
CVE-2019-4338
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is affected by CVE-2019-4338 due to improper restriction of resource size/amount requested or influenced by an actor, enabling resource consumption and potential denial of service. Affected component: Guardium Big Data Intelligence 4.0 (Son...
Security Bulletin: IBM Security Guardium Big Data Intelligence is affected by a Denial of service vulnerability
Summary: IBM Security Guardium is aware of the following vulnerability. Vulnerability Details: CVEID: CVE-2019-4338. DESCRIPTION: IBM Security Guardium Big Data Intelligence SonarG does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness c...
CVE-2018-1647
IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. IBM X-Force ID: 144650...
CVE-2018-8854
Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended...