5 matches found
net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...
GFI Kerio Control 安全漏洞
GFI Kerio Control is a Unified Threat Management UTM solution from GFI Malta. The product includes features such as virus protection, web content filtering and application filtering. A security vulnerability exists in GFI Kerio Control version 9.4.5, which stems from an insecure upgrade mechanism...
Dell EMC SCG Policy Manager Information Disclosure Vulnerability
Dell EMC SCG Policy Manager is a secure connectivity gateway policy manager from Dell, Inc. An information disclosure vulnerability exists in Dell EMC SCG Policy Manager version 5.14, which stems from insufficient protection of sensitive information in the upgrade path from SRS to SCG, and can be...
HSTS amnesia with --parallel
curl's HSTS cache saving behaves wrongly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when...
Jenkins promoted builds Plugin 跨站脚本漏洞
Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.The Jenkins promoted builds Plugin is vulnerable to an input validation error that could be exploited by an attacker to...