73 matches found
EUVD-2021-0890
Malware in sbrugna...
EUVD-2003-0230
Malware in sbrugna...
EUVD-2005-1286
Malware in sbrugna...
EUVD-2021-0842
Malware in sbrugna...
EUVD-2000-0498
Malware in sbrugna...
EUVD-2006-0934
Malware in sbrugna...
EUVD-2004-2451
Malware in sbrugna...
SUSE CVE-2010-1167
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service memory consumption and application crash via a crafted 1 message header or 2 POP3 UIDL list...
SUSE CVE-2019-7524
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components...
CVE-2021-31404
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 Vaadin 10.0.0 through 10.0.16, 1.1.0 prior to 2.0.0 Vaadin 11 prior to 14, 2.0.0 through 2.4.6 Vaadin 14.0.0 through 14.4.6, 3.0.0 prior to 5.0.0 Vaadin 15 prior to 18, and...
CVE-2018-25007
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message...
CVE-2018-25007
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message...
Design/Logic Flaw
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message...
Cross site request forgery (csrf)
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 Vaadin 10.0.0 through 10.0.16, 1.1.0 prior to 2.0.0 Vaadin 11 prior to 14, 2.0.0 through 2.4.6 Vaadin 14.0.0 through 14.4.6, 3.0.0 prior to 5.0.0 Vaadin 15 prior to 18, and...
Cross site request forgery (csrf)
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 Vaadin 7.0.0 through 7.7.23, and 8.0.0 through 8.12.2 Vaadin 8.0.0 through 8.12.2 allows attacker to guess a security token via timing attack...
CVE-2021-31404 Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 Vaadin 10.0.0 through 10.0.16, 1.1.0 prior to 2.0.0 Vaadin 11 prior to 14, 2.0.0 through 2.4.6 Vaadin 14.0.0 through 14.4.6, 3.0.0 prior to 5.0.0 Vaadin 15 prior to 18, and...
CVE-2021-31403 Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 Vaadin 7.0.0 through 7.7.23, and 8.0.0 through 8.12.2 Vaadin 8.0.0 through 8.12.2 allows attacker to guess a security token via timing attack...
CVE-2018-25007 Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message...
CVE-2018-25007
CVE-2018-25007 affects Vaadin Flow Server (com.vaadin:flow-server) due to a missing check in the UIDL request handler. Affected versions are 1.0.0–1.0.5, corresponding to Vaadin 10.0.0–10.0.7 and 11.0.0–11.0.2. The root cause is an unchecked UIDL synchronization message, which permits an attacker...
Vaadin flow 代码问题漏洞
Vaadin flow is a software application.The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. A code issue vulnerability exists in vaadin:flow-server versions 1.0.0 through 1.0.5 that stems from a missing check in the...