19 matches found
SourceBroken: A Large-Scale Analysis on the (Un)Reliability of SourceRank in the PyPI Ecosystem
SourceRank is a scoring system made of 18 metrics that assess the popularity and quality of open-source packages. Despite being used in several recent studies, none has thoroughly analyzed its reliability against evasion attacks aimed at inflating the score of malicious packages, thereby...
EUVD-2022-1737
Malicious code in bioql PyPI...
CVE-2022-1233
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...
EulerOS 2.0 SP12 : git (EulerOS-SA-2025-1295)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full...
CVE-2024-47883 Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...
Security Risks of New .zip and .mov Domains
Researchers are worried about Googles .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability...
CVE-2022-1233
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...
CVE-2022-1233
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...
CVE-2022-1233
CVE-2022-1233 affects the medialize/uri.js library. When parsing URLs without a scheme and with excessive slashes, the library may treat the hostname as null and set the path to /www.example.com, leading to URL confusion. This issue is fixed in version 1.19.11; prior releases are vulnerable. Affe...
CVE-2022-1233 URL Confusion When Scheme Not Supplied in medialize/uri.js
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...
CVE-2022-1233 URL Confusion When Scheme Not Supplied in medialize/uri.js
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...
URL Confusion When Scheme Not Supplied
Description This is a URL confusion vulnerability. When parsing a URL without a scheme and with excessive slashes, like ///www.example.com, URI.js will parse the hostname as null and the path as /www.example.com. Such behaviour is different from that exhibited by browsers, which will parse...
Mageia: Security Advisory (MGASA-2014-0183)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2022-0019 Updated thunderbird packages fix security vulnerability
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox CVE-2021-4140. Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable cra...
Updated chromium-browser packages fix multiple security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Multiple vulnerabilities in the V8 JavaScript library, including a UXSS issue CVE-2014-1716, OOB access CVE-2014-1717, memory corruption CVE-2014-1721, and other vulnerabilities fixed in V8 version 3.24.35.22 CVE-2014-1729...
Google Chrome UnescapeURLWithOffsetsImpl() Function BiDi控制符未转义URL混淆漏洞
CVE ID:CVE-2014-1723 Google Chrome是一款流行的WEB浏览器。 Google Chrome UnescapeURLWithOffsetsImpl函数net/base/escape.cc处理URL中未转义BiDi控制符时,允许攻击者利用漏洞构建恶意WEB页,诱使用户解析,可导致URL混淆。 0 Google Chrome 33.0.1750.154 Google Chrome 33.0.1750.152 Google Chrome 34.0.1847.116版本已修复该漏洞,建议用户下载使用: https://www.google.com/chrome/...
Google Chrome < 34.0.1847.116 Multiple Vulnerabilities
Binary data 8208.pasl...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 31 vulnerabilities fixed in this release, including: 354123 High CVE-2014-1716: UXSS in V8. Credit to Anonymous. 353004 High CVE-2014-1717: OOB access in V8. Credit to Anonymous. 348332 High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple...
Google Chrome < 34.0.1847.116 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. CVE-2014-0506 - A buffer overflow...