27 matches found
Mustang Panda targets European diplomats using enhanced PlugX backdoor
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...
CVE-2021-28662
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic...
CVE-2021-22731
Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM and MCSESP V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker...
HTTP/3: Ready to Land
Hi, my name is Mike Bishop; I'm the editor of the newest version of HTTP, HTTP/3. I'm part of Foundry, a team at Akamai that focuses on new and emerging technologies that will impact the future of the web. I've been involved in web standards since the early days of HTTP/2, and most of my work has...
Multiple Cisco Products NX-OS Software Arbitrary Command Execution Vulnerability
Cisco MDS 9000 Series Multilayer Switches are products of Cisco Corporation.Cisco MDS 9000 Series Multilayer Switches is a 9000 series switch device.Nexus 2000 Series Fabric Extenders is a Nexus 2000 series switch array expander.NX-OS Software is the data center-class operating system software th...
PT-2016-3364 · Imagemagick +5 · Imagemagick +5
Name of the Vulnerable Software and Affected Versions: ImageMagick versions 6.9.3-10 and earlier ImageMagick versions 7.x prior to 7.0.1-1 Description: The issue is related to the implementation of the HTTP and FTP protocols in ImageMagick, which allows remote attackers to conduct server-side...
UBUNTU-CVE-2015-4498
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early poin...