4 matches found
HTTP Response Splitting
Overview: eventsource-encoder encodes events as well-formed EventSource/Server-Sent Event (SSE) messages. Affected versions of this package are vulnerable to HTTP Response Splitting via unsanitized event and id fields in the encoding process. An attacker can inject arbitrary Server-Sent Events...
Kiwi TCMS Operating System Command Injection Vulnerability
Kiwi TCMS is a leading open source test management system for manual and automated testing. An operating system command injection vulnerability exists in versions of Kiwi TCMS prior to 12.2 that stems from the use of untrusted fields and can be exploited by an attacker to...
Kiwi TCMS Operating System Command Injection Vulnerability
Kiwi TCMS is a leading open source test management system for manual and automated testing. An operating system command injection vulnerability exists in versions of Kiwi TCMS prior to 12.2 that stems from the use of untrusted fields and can be exploited by an attacker to...
Google Android Qualcomm closed-source component integer overflow vulnerability (CNVD-2019-24146)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA). An integer overflow vulnerability exists in the Qualcomm closed-source component in Android. An attacker can exploit this vulnerability to trigger an integer overflow through untrusted fields in GNSS XTRA3...