By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. The identifier VDB-243729 was assigned to this vulnerability. It is recommended to upgrade the affected component. Upgrading to version 7.2 SP.1 is able to address this issue. It is possible to initiate the attack remotely. The manipulation of the argument Server leads to improper authentication. This affects an unknown part of the file /api/authentication/login of the component WebTools. Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.Ī vulnerability classified as critical has been found in ColumbiaSoft Document Locator. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Īttacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls. VDB-245062 is the identifier assigned to this vulnerability. The exploit has been disclosed to the public and may be used. The manipulation leads to information disclosure. This vulnerability affects unknown code of the file /api/DataDictionary/GetItemList. A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |