18 matches found
EUVD-2019-2310
Malware in sbrugna...
EUVD-2023-33770
Malicious code in bioql PyPI...
EUVD-2023-25808
Malicious code in bioql PyPI...
CVE-2024-10234 Wildfly: wildfly vulnerable to cross-site scripting (xss)
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server...
CVE-2024-10234
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server...
CVE-2023-2264
An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details...
CVE-2023-2264
An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details...
CVE-2023-2264 Improper input validition could lead to code injection
An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3026)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Information disclosure
An app with non-privileged access can change global system brightness and cause undesired system behavior...
CVE-2023-21641 Permissions, Privileges, and Access Controls in Display
An app with non-privileged access can change global system brightness and cause undesired system behavior...
Missing payable
Lines of code Vulnerability details Impact The following functions are not payable but uses msg.value - therefore the function must be payable. This can lead to undesired behavior. Proof of Concept frxETHMinter.sol, submit should use payable since it uses msg.value Tools Used Manual review...
Missing payable
Handle robee Vulnerability details The following functions are not payable but uses msg.value - therefore the function must be payable. This can lead to undesired behavior. LPool.sol, addReserves should be payable since using msg.value --- The text was updated successfully, but these errors were...
URL parsing in node-forge could lead to undesired behavior.
Impact The regex used for the forge.util.parseUrl API would not properly parse certain inputs resulting in a parsed data structure that could lead to undesired behavior. Patches forge.util.parseUrl and other very old related URL APIs were removed in 1.0.0 in favor of letting applications use the...
Open Redirect in tjenkinson/url-toolkit
āļø Description url-toolkit mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while url-toolkit sees it as a relative path. Which will lead to SSRF attacks, open redirects,...
Open Redirect in unshiftio/url-parse
āļø Description url-parse mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while url-parse sees it as a relative path. Similar attacks:...
Command injection
While processing QCANL80211VENDORSUBCMDAVOIDFREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdrago...
Imgur: Content Sniffing not enabled
The HTTP header X-Content-Type-Options was not set to nosniff. This can cause some browsers to try to determine the content/encoding type of a response, which is an undesired behavior...