
53 matches found

CVE
added 2021/08/07 2:28 a.m. | 774 views

CVE-2021-38148

Obsidian up to version 0.12.11 does not require user confirmation for non-http/https URLs, per CVE-2021-38148. The root cause is a missing user consent check when handling non-http/https links, which can lead to unintended navigation or loading of external content. The CVSS data indicates high im...

9.8 CVSS | 9.5 AI score | 0.01225 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2021/03/20 9:15 p.m. | 2 views

DEBIAN-CVE-2021-28117

libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs that are neither https:// nor http:// based on the content of the store.kde.org web site. 5.18.7 is also a fixed version...

7.5 CVSS | 7.3 AI score | 0.01563 EPSS
Exploits 0 | References 1
Oracle Linux
added 2019/11/14 12:0 a.m. | 83 views

python3 security and bug fix update

3.6.8-15.1.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-15.1 - Patch 329 FIPS modified: Added workaround for modssl: Skip error checking in Pyhashlibfipserror Resolves: rhbz1760106 3.6.8-15 - Patch 329 that adds support for OpenSSL FIPS mode has been improved and...

9.8 CVSS | 8.5 AI score | 0.20743 EPSS
Exploits 4
NVD
added 2019/07/30 9:15 p.m. | 34 views

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

8.1 CVSS | 8.1 AI score | 0.00668 EPSS
Exploits 1 | References 3
OSV
added 2019/07/30 9:15 p.m. | 2 views

DEBIAN-CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

8.1 CVSS | 7.8 AI score | 0.00668 EPSS
Exploits 1 | References 1
OSV
added 2019/07/30 9:15 p.m. | 21 views

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

8.1 CVSS | 8.1 AI score
Exploits 0 | References 3
Prion
added 2019/07/30 9:15 p.m. | 21 views

Authentication flaw

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

4.3 CVSS | 7.9 AI score | 0.00668 EPSS
Exploits 1 | References 3 | Affected Software 1
UbuntuCve
added 2019/07/30 9:15 p.m. | 28 views

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

8.1 CVSS | 7.1 AI score | 0.00668 EPSS
Exploits 1 | References 5
CVE
added 2019/07/30 8:15 p.m. | 82 views

CVE-2019-5448

CVE-2019-5448 affects Yarn; the vulnerability arises from HTTP URLs in a Yarn lockfile that can cause unencrypted authentication data to be transmitted. The connected advisories confirm Photon OS and Nessus plugins flag Yarn as affected and advise updating the Yarn package to mitigate. The exact ...

8.1 CVSS | 7.8 AI score | 0.00668 EPSS
Exploits 1 | References 3 | Affected Software 1
Ubuntu
added 2014/09/23 4:12 p.m. | 44 views

USN-2353-1: APT vulnerability

It was discovered that APT incorrectly handled certain http URLs. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to cause APT to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for...

6.8 CVSS | 8.5 AI score | 0.02437 EPSS
Exploits 0
Tenable Nessus
added 2013/05/28 12:0 a.m. | 33 views

Fedora 19 : kdelibs3-3.5.10-53.fc19 (2013-8625)

This update fixes a low-impact security issue in the KDE 3 compatibility (kdelibs3) version of kio_http where it would print passwords contained in HTTP URLs in error and debugging messages (CVE-2013-2074). Note that Tenable Network Security has extracted the preceding description block directly from...

5 CVSS | 6.5 AI score | 0.0198 EPSS
Exploits 0 | References 3
Prion
added 2007/12/21 7:46 p.m. | 15 views

Design/Logic Flaw

Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a (1) RealPlayer G2, (2) MSMSGS, or (3) StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization...

5 CVSS | 7.2 AI score | 0.01827 EPSS
Exploits 0 | References 9 | Affected Software 1
ATTACKERKB
added 2007/12/21 7:46 p.m. | 2 views

CVE-2007-6511

Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a (1) RealPlayer G2, (2) MSMSGS, or (3) StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization...

5 CVSS | 5.6 AI score | 0.01827 EPSS
Exploits 0 | References 10