122 matches found
PYSEC-2022-43170
An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user...
CVE-2022-24737 Exposure of Sensitive Information to an Unauthorized Actor in httpie
HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and host...
CVE-2022-26662
CVE-2022-26662 describes an XML Entity Expansion (XEE) vulnerability in Tryton Application Platform (Server) and Proteus, allowing an unauthenticated attacker to send crafted XML-RPC to exhaust server resources. Affected ranges include Tryton Server 5.x up through 5.0.45, 6.x up through 6.0.15, 6...
CVE-2022-26662
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...
Line Corporation Line Client For Ios Security Vulnerability
Line Corporation Line Client For Ios is a communication application from Line Corporation, Japan. A security vulnerability exists in Line Client For Ios versions prior to 11.15.0, which can be exploited by an attacker to obtain service-specific authentication information in combination with a...
CVE-2021-36215
LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling...
Design/Logic Flaw
LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling...
CVE-2021-36215
LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling...
CVE-2021-36214
LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView...
CVE-2021-36214
LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView...
Cross site scripting
LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView...
CVE-2021-36214
The CVE-2021-36214 issue affects the LINE client for iOS, specifically versions prior to 10.16.3. A cross-site scripting vulnerability exists in the WebView caused by processing headers in WebView content, allowing injected or misinterpreted content to execute script. Reported details indicate th...
CVE-2021-36214
LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView...
containerd: Multiple vulnerabilities
Background: Containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification. Description: Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced...
LY Corporation: Webview address bar spoofing in LINE client for iOS
When navigation to an invalid hostname occurs, the address bar is updated even though the navigation is cancelled. Due to this incorrect timing of updating the address bar and applying URL normalization, it can be recognized as a different hostname from the actual hostname. As a result, attacker...
LY Corporation: Webview in LINE client for iOS will render application/octet-stream files as HTML
Due to a misconfiguration in the webview of the LINE client for iOS, data with the "Content-type" header set to "application/octet-stream" was treated as HTML. This could lead to malicious JavaScript execution, resulting in a cross-site scripting attack...
Hackers Target Military and Aerospace Staff by Posing as HRs Offering Jobs
Cybersecurity researchers today took the wraps off a new sophisticated cyber-espionage campaign directed against aerospace and military organizations in Europe and the Middle East with an aim to spy on key employees of the targeted firms and, in some cases, even to siphon money. The campaign, dubb...
[SECURITY] Fedora 30 Update: telnet-0.17-77.fc30
Telnet is a popular protocol for logging into remote systems over the Internet. The package provides a command line Telnet client...
MariaDB: Path traversal in command line client
The command line client has a directory traversal bug which allows server chosen files to be dlopened when it connects to a malicious server. The path can also be padded with / characters so that strxnmov drops the .so extension. The dlopen call is performed here: Impact: In rare situations where...
IPFinder CLI - The Official Command Line Client For IPFinder
The Official Command Line Client For IPFinder: Supports single IP address, ASN, ranges, firewall as input; supports bulk; exports results to screen or to an output file; supports IPv4 and IPv6; supports ASN number, ranges, firewall. Getting Started: signing up for a free account at...