11 matches found
EUVD-2023-2643
Malicious code in bioql PyPI...
CVE-2021-28813
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have...
CVE-2021-28813 Insufficiently Protected Credentials Vulnerability in QSW-M2116P-2T2S and QuNetSwitch
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have...
CVE-2021-28815
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link...
CVE-2021-32638
Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to the process instead ...
Authentication flaw
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware...
CVE-2021-28653
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware...
Out-of-bounds Read
Overview Versions of npmconf before 2.1.3 allocate and write to disk uninitialized memory contents when a typed number is passed as input on Node.js 4.x. Recommendation Update to version 2.1.3 or later. Consider switching to another config storage mechanism, as npmconf is deprecated and should no...
The vulnerability of the Mac OS X operating system, which allows a perpetrator to gain access to protected information
The vulnerability of the WiFi component of the Mac OS X operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an intruder, acting locally, to gain access to protected network configuration information using the global storage mechanism...
Thousands of websites based on Ruby on Rails vulnerable to Cookie Handling flaw
Ruby on Rails contains a flaw in its design that may allow attackers to more easily access applications. Websites that rely on Ruby on Rails’s default cookie storage mechanism CookieStore are at risk. The vulnerability was actually reported two months ago, but still thousands of website are runni...
DSA-1506-1 iceape - several vulnerabilities
Bulletin has no description...