Malicious code in @dreamlake/lakeshore (npm)
Source: amazon-inspector. On install, dist/cli/daemon/install.js fetches content from https://pub-c0109e197b4a4d1abe5884ac4dd3a023.r2.dev — an anonymous Cloudflare R2 bucket —...
BIT-AUTHENTIK-2024-47077 authentik cross-provider token validation problems
authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an access token they were legitimately issued...
CVE-2026-2378 Address bar spoofing risk in ArcSearch on Android
ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...
NewStart CGSL MAIN 6.06 (SP) : curl Vulnerability (NS-SA-2026-0032)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has curl packages installed that are affected by a vulnerability: This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows ...
EUVD-2020-2655
Malware in sbrugna...
Migration to Unified Veeam Data Cloud FAQ
Below are the most commonly asked questions. What is changing with my Veeam Data Cloud for Microsoft 365 experience? Veeam is transitioning customers to the Veeam Data Cloud Platform, a unified multi-workload interface. This new experience allows you to manage Microsoft 365, Entra ID, Salesforce,...
Linux Distros Unpatched Vulnerability : CVE-2019-11762
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on t...
The vulnerability of the Ruby on Rails software platform, related to the manipulation of cross-site requests, allows attackers to send CSRF tokens to incorrect domains.
The vulnerability of the Ruby on Rails software platform is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to remotely send CSRF tokens to incorrect domains...
SUSE CVE-2023-45289
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...
Google Go Security Vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, and garbage-collected programming language from Google. A security vulnerability exists in Google Go, which stems from the fact that http.Client does not forward sensitive headers when HTTP redirects to a domain that does not match, or...
AZL-32126 CVE-2023-46218 affecting package mysql for versions less than 8.0.35-2
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...
okhttp: information disclosure via improperly used cryptographic function
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...
GHSA-3CQM-MF7H-PRRJ Square OkHttp can accept the wrong certificate
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Acronis: Domain does not Match SSL Certificate
Summary: While examining the subdomains for acronis.com, I noticed that https://pa.acronis.com is not currently protected by your SSL certificate. Steps To Reproduce: Open Firefox and copy/paste the following into the search bar: https://pa.acronis.com After you hit enter you will be transferred to...
CVE-2020-10194
cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request...
UBUNTU-CVE-2017-5120
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could...
Red Hat CloudForms Management Engine Information Disclosure Vulnerability
Red Hat CloudForms Management Engine is an IaaS (Infrastructure as a Service) cloud services solution from Red Hat, Inc. The solution creates and manages private and public clouds and has application lifecycle management capabilities. An information disclosure vulnerability exists in the Red Hat...
Medium: curl
Issue Overview: The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. Affected Packages: curl Issue Correction: Run yum update...