51 matches found
CVE-2026-9697
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack,...
CVE-2026-10584
Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...
CVE-2026-45745
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...
CVE-2026-47107
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...
EUVD-2026-30958
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...
PT-2026-41986
Name of the Vulnerable Software and Affected Versions: Windmill versions prior to 1.703.2. Description: Incorrect default permissions in nsjail sandbox configuration files allow the /etc directory to be bind-mounted without read-write restrictions. This enables authenticated users to write arbitrary...
EUVD-2020-17884
Malware in sbrugna...
Fortinet FortiNAC-F Trust Management Issue Vulnerability
Fortinet FortiNAC-F is a set of network access control solutions from the American company Fortinet. The product is mainly used for network access control and IoT security. Fortinet FortiNAC-F has a trust management vulnerability that stems from improper certificate validation, which...
Hardcoded credentials
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...
CVE-2020-36128
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...
SUSE: Security Advisory (SUSE-SU-2021:0241-1)
The remote host is missing an update for the...
openSUSE Security Update : MozillaFirefox (openSUSE-2021-222)
This update for MozillaFirefox fixes the following issues : - Firefox Extended Support Release 78.7.0 ESR MFSA 2021-04, bsc1181414 - CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests - CVE-2021-23954: Fixed a type confusion when using logical assignment operator...
Updated thunderbird packages fix security vulnerabilities
Cross-origin information leakage via redirected PDF requests (CVE-2021-23953). Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954). IMAP Response Injection when using STARTTLS (CVE-2020-15685). HTTPS pages could have been intercepted by a registered...
MGASA-2021-0066 Updated thunderbird packages fix security vulnerabilities
Cross-origin information leakage via redirected PDF requests (CVE-2021-23953). Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954). IMAP Response Injection when using STARTTLS (CVE-2020-15685). HTTPS pages could have been intercepted by a registered...
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:0259-1)
This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 78.7.0 ESR MFSA 2021-04, bsc1181414 - CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests - CVE-2021-23954: Fixed a type confusion when using logical assignment operators ...
OPENSUSE-SU-2021:0223-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR MFSA 2021-04, bsc1181414 CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests CVE-2021-23954: Fixed a type confusion when using logical assignment operators in...
OPENSUSE-SU-2021:0222-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR MFSA 2021-04, bsc1181414 CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests CVE-2021-23954: Fixed a type confusion when using logical assignment operators in...
SUSE-SU-2021:0259-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR MFSA 2021-04, bsc1181414 CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests CVE-2021-23954: Fixed a type confusion when using logical assignment operators in...
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:0246-1)
This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 78.7.0 ESR MFSA 2021-04, bsc1181414 - CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests - CVE-2021-23954: Fixed a type confusion when using logical assignment operators ...
OPENSUSE-SU-2021:0208-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to 78.7.0 ESR MFSA 2021-05, bsc1181414 CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests CVE-2021-23954: Fixed a type confusion when using logical assignment operato...