8 matches found
User Impersonation
Overview: org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to User Impersonation in the SubjectX500PrincipalExtractor component. An attacker can gain...
Malicious code in bambang-ronde54-riris (npm)
Source: amazon-inspector c7d658f4894311474a85763465858f096b61d343eadfb24d20fdbcb4309a4402 The package bambang-ronde54-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...
EUVD-2018-3089
Malware in sbrugna...
EUVD-2022-26875
Malicious code in bioql PyPI...
EUVD-2024-26108
Malicious code in bioql PyPI...
tough root metadata version is not checked for sequential versioning
Summary: When updating the root role, a TUF client must establish a trusted line of continuity to the latest set of keys. While sequentially downloading new versions of the root metadata file, tough will not check that the root object version it received was the next sequential version from the...
PT-2022-19474
Name of the Vulnerable Software and Affected Versions: Pion DTLS versions prior to 2.1.5. Description: The issue affects users that are using Client certificates only. A DTLS Client could provide a Certificate that it doesn't possess the private key for, and Pion DTLS wouldn't reject it. The...
Mozilla Firefox <= 3.5.1 Error Page Address Bar URI Spoofing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35803/info Mozilla Firefox is affected by a URI-spoofing vulnerability. An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense o...