73 matches found
EUVD-2020-18374
Malware in sbrugna...
EUVD-2024-42861
Malicious code in bioql PyPI...
EUVD-2022-43459
Malicious code in bioql PyPI...
EUVD-2025-19506
Malicious code in bioql PyPI...
EUVD-2024-35242
Malicious code in bioql PyPI...
EUVD-2025-3979
Malicious code in bioql PyPI...
IBM Jazz for Service Management 安全漏洞
IBM Jazz for Service Management is an integrated service management product from International Business Machines IBM that provides visibility into the service management environment. A security vulnerability exists in IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.24, which stems...
CVE-2025-46014
Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 was discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to a privilege escalation...
PT-2025-27396 · Honor · Honor Pc Manager
Name of the Vulnerable Software and Affected Versions: Honor PC Manager version 16.0.0.118 Description: A privilege escalation issue was discovered in Honor PC Manager, where several services connect to the named pipe iMateBookAssistant with default or overly permissive security attributes...
CVE-2024-35211
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes such as “Secure”, “HttpOnly”, or “SameSite”...
CVE-2020-13770
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having...
Missing Encryption Of Sensitive Data
org.opendaylight.sfc, odl-sfc-openflow-renderer is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is due to missing security attributes or transmission over unencrypted channels, allowing Man-in-the-Middle attacks to access sensitive information...
HCL SX 安全漏洞
HCL SX is an application from HCL India. A security vulnerability exists in HCL SX that stems from not setting security attributes on authorization tokens or session cookies, which could lead to cross-site request forgery attacks...
CVE-2025-24897 Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...
Security Bulletin: IBM i is vulnerable to an authenticated user gaining elevated privilege to a physical file [CVE-2024-47104].
Summary IBM i is vulnerable to an authenticated user gaining elevated privilege to a physical file by altering based-on file attributes as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes...
CVE-2024-47104
IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated...
CVE-2024-47104
CVE-2024-47104 affects IBM i 7.4 and 7.5. An authenticated user with view authority can elevate privileges by altering the based-on physical file security attributes without object management rights, enabling actions restricted by their view privileges. IBM reports remediation via PTFs: 7.5 SF999...
PT-2024-32410 · Ibm · Ibm I
Name of the Vulnerable Software and Affected Versions: IBM i versions 7.4 and 7.5 Description: The issue allows an authenticated user to gain elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object...
IBM Security QRadar Security Vulnerabilities
IBM Security QRadar is a modernized threat detection and response solution from International Business Machines IBM, Inc. designed to unify and integrate the security analyst experience and improve their response speed throughout the incident lifecycle. A security vulnerability exists in IBM...
CVE-2024-35211
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes such as “Secure”, “HttpOnly”, or “SameSite”...