奇安信CodeSafe

icon indicating a website link http://www.codesafe.cn/

Results 348 issues of 奇安信CodeSafe

There is a vulnerability in json-ptr 2.0.0,upgrade recommended

https://github.com/sony/nmos-js/blob/ed45f774deda6fb1ecf20a2ddda131b029f09b7d/Development/package.json#L15 CVE-2021-23509 Recommended upgrade version:2.2.1-master.18a4d58

xss

Hi, This is Qihoo360 CodeSafe Team, we found a XSS Reflected issue, see server.py At line 30,without check parameters, resulting in xss reflected ![image](https://user-images.githubusercontent.com/39950310/50625908-fb13c080-0f65-11e9-853d-c006abc76d3c.png) Since I not familiar with ProductGenius,...

use unsafe target blank

hi: Use the target attribute in the `` tag and set the value to `_blank`. Attackers will attack the `window.opener` API with malicious behavior, which may cause phishing security vulnerabilities....

Path Manipulation

https://github.com/Huawei/Consumer/blob/05c373caf54a16fecf84703695139961fa3b347c/Codelabs/DriveKit/app/src/main/java/com/huawei/www/driveapplication/MainActivity.java#L252 Allowing user input to control paths used in file system operations could enable an attacker to access or modify otherwise protected system resources.

The return value of 'sscanf()' should be checked

https://github.com/NetApp/zufs-zuf/blob/7f35b926767a59693912bea63764709b1337c6da/tools/power/x86/intel-speed-select/isst-config.c#L1344

Io stream is not released

1 comment

FileInputStream is not released ![图片](https://user-images.githubusercontent.com/39950310/57294161-5b279880-70f9-11e9-8f31-ea80e011ea40.png)

null reference

In the getDatabaseName method of the MongoConfig.java file, when appConfig.getDatabaseInformation() reports an error, the 56 parameter may be a null pointer exception. ![default](https://user-images.githubusercontent.com/39950310/53551215-b2e2da00-3b73-11e9-87ac-448bbc82928f.png)

bug

Unused variables

https://github.com/IBM/page-lab/blob/dab2a0748f6fdf83c3e19050549330e26404dd87/admin/pageaudit/report/import_csv.py#L23 Variables declared but not used, or reassigned before they are used, can be the result of programmer negligence, which often means that there is a bug in the program.

Cross-Site Scripting: Reflected

https://github.com/IBM/page-lab/blob/dab2a0748f6fdf83c3e19050549330e26404dd87/admin/pageaudit/report/views.py#L197 https://github.com/IBM/page-lab/blob/dab2a0748f6fdf83c3e19050549330e26404dd87/admin/pageaudit/report/views.py#L217 Sending unvalidated data to a web browser can result in the browser executing malicious code.

There is a vulnerability in Bootstrap (Twitter) 3.3.7,upgrade recommended

https://github.com/microsoft/inventory-hub-java-on-azure/blob/1c2cfa5159d60c24ef391267fe95cd6bb01e9b0e/dashboard-web-app/pom.xml#L142 CVE-2019-8331 CVE-2018-14040 CVE-2018-20677 CVE-2018-20676 Recommended upgrade version:3.4.1