
1026 matches found

OpenVAS
added 2022/01/28 12:0 a.m., 12 views

Mageia: Security Advisory (MGASA-2014-0068)

The remote host is missing an update for the ...

3.6 CVSS, 6.5 AI score, 0.00078 EPSS
Exploits: 1, References: 4
Openbugbounty
added 2021/11/14 10:53 a.m., 8 views

tiny-house-nrw.com Improper Access Control vulnerability OBB-2270658

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.6 AI score
Exploits: 0
Positive Technologies
added 2021/09/15 12:0 a.m., 2 views

PT-2021-23020

Name of the Vulnerable Software and Affected Versions: TinyFileManager versions up to and including 2.4.6. Description: A Cross-Site Request Forgery (CSRF) issue exists that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacke...

9.3 CVSS, 8.5 AI score, 0.00134 EPSS
Exploits: 0, References: 5
Kitploit
added 2021/08/28 9:30 p.m., 72 views

Huan - Encrypted PE Loader Generator

Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently, it works on 64 bit PE files. How It Works? First, Huan...

7.4 AI score
Exploits: 0, References: 4
vulnersOsv
added 2021/08/25 8:58 p.m., 3 views

timeout_io (>=0.2.0 <=0.2.7) potentially affected by CVE-2020-36438 via tiny_future (=0.3.2)

tiny_future CARGO version =0.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on tiny_future and may be impacted: - timeout_io >=0.2.0, <=0.2.7 Source cves: CVE-2020-36438 Source advisory: OSV:GHSA-FG42-VWXX-XX5J...

8.1 CVSS, 7.2 AI score, 0.00336 EPSS
Exploits: 0
CNNVD
added 2021/08/09 12:0 a.m., 2 views

TTiny Java Web Server cross-site scripting vulnerability

TTiny Java Web Server is a lightweight web server written in Java. A cross-site scripting vulnerability exists in TTiny Java Web Server and Servlet Container TJWS =1.115, which allows an adversary to inject malicious code into the server's "404 Page not Found" error page...

6.1 CVSS, 6 AI score, 0.51947 EPSS
Exploits: 2, References: 5
OSV
added 2021/08/08 6:15 a.m., 2 views

CVE-2020-36438

An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future does not have bounds on its Send and Sync traits...

8.1 CVSS, 7.3 AI score
Exploits: 0, References: 2
Oracle linux
added 2021/06/15 12:0 a.m., 221 views

Unbreakable Enterprise kernel security update

5.4.17-2102.202.5 - sctp: delay autoasconf init until binding the first addr Xin Long Orabug: 32907967 CVE-2021-23133 CVE-2021-23133 - dm ioctl: fix out of bounds array access when no devices Mikulas Patocka Orabug: 32860491 CVE-2021-31916 - uek-rpm: update kABI lists for the new symbols Saeed...

8.1 CVSS, 8.1 AI score, 0.00305 EPSS
Exploits: 1
Microsoft CVE
added 2021/06/06 12:0 a.m., 2 views

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this to cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was resolved by reverting to the prior behaviour.

...

7.5 CVSS, 7 AI score, 0.01074 EPSS
Exploits: 0
OSV
added 2021/05/10 3:59 p.m., 0 views

GHSA-4Q97-FH3F-J294 Prototype Pollution in tiny-conf

All versions of package tiny-conf up to and including version 1.1.0 are vulnerable to Prototype Pollution via the set function...

9.8 CVSS, 5.8 AI score, 0.00386 EPSS
Exploits: 1, References: 3
Github Security Blog
added 2021/05/10 3:59 p.m., 38 views

Prototype Pollution in tiny-conf

All versions of package tiny-conf up to and including version 1.1.0 are vulnerable to Prototype Pollution via the set function...

9.8 CVSS, 9 AI score, 0.00386 EPSS
Exploits: 1, References: 4, Affected Software: 1
vulnersOsv
added 2021/05/10 3:59 p.m., 2 views

grunt-kevoree (>=0.3.0 <=6.0.0-alpha.1), grunt-kevoree-registry (>=3.0.0 <=4.0.0-alpha) +9 more potentially affected by CVE-2020-7724 via tiny-conf (=1.1.0)

tiny-conf NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tiny-conf and may be impacted: - grunt-kevoree =0.3.0, =3.0.0, =5.7.0, =4.0.0, =5.5.0-alpha, =0.3.0, =1.6.0, =1.0.0-alpha, =1.0.1, =1.0.0, =1.0.2 Source cves: CVE-2020-7724...

9.8 CVSS, 7.2 AI score, 0.00386 EPSS
Exploits: 1
CNNVD
added 2021/04/29 12:0 a.m., 3 views

Tencent OS-tiny input validation error vulnerability

Tencent OS-tiny is a real-time operating system developed by Tencent for the Internet of Things (IoT). It is characterized by low power consumption, low resource consumption, modularity, security and reliability, which can effectively improve the development efficiency of IoT terminal products. An...

9.8 CVSS, 8.9 AI score, 0.0107 EPSS
Exploits: 0, References: 4
Check Point Advisories
added 2021/04/05 12:0 a.m., 2 views

Tiny Tiny RSS Remote Code Execution (CVE-2020-25787)

A remote code execution vulnerability exists in Tiny Tiny RSS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10 CVSS, 7.7 AI score, 0.15535 EPSS
Exploits: 4
NVD
added 2021/03/13 9:15 p.m., 11 views

CVE-2021-28373

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...

7.5 CVSS, 0.00147 EPSS
Exploits: 0, References: 2
UbuntuCve
added 2021/03/13 9:15 p.m., 11 views

CVE-2021-28373

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...

7.5 CVSS, 7.1 AI score, 0.00147 EPSS
Exploits: 0, References: 3
Prion
added 2021/03/13 9:15 p.m., 15 views

Design/Logic Flaw

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...

5 CVSS, 7.5 AI score, 0.00147 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/03/13 8:19 p.m., 9 views

CVE-2021-28373

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...

7.7 AI score, 0.00147 EPSS
Exploits: 0, References: 2
CVE
added 2021/03/13 8:19 p.m., 82 views

CVE-2021-28373

The vulnerability CVE-2021-28373 affects Tiny Tiny RSS (tt-rss) via the auth_internal plugin. The root issue allows an attacker to log in using an OTP code without a valid password, as reported for TT-RSS prior to 2021-03-12. The condition occurred on the git master branch for a short period; pro...

7.5 CVSS, 7.5 AI score, 0.00147 EPSS
Exploits: 0, References: 2, Affected Software: 1
Debian CVE
added 2021/03/13 8:19 p.m., 12 views

CVE-2021-28373

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...

7.5 CVSS, 7.6 AI score, 0.00147 EPSS
Exploits: 0