11 matches found
CVE-2026-53266
The CVE-2026-53266 entry concerns the Linux kernel netfilter bridge path, where ebt_snat ARP sender hardware address rewrite could be performed on non-writable memory. Root cause: ARP SHA is written via skb_store_bits() relative to skb->data, and skb_header_pointer() only safely reads the ARP ...
CVE-2026-53266 netfilter: bridge: make ebt_snat ARP rewrite writable
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...
CVE-2026-44971 GuardDog: Blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...
CVE-2018-25371
mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or stacked query...
SUSE CVE-2026-31427
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix use of uninitialized rtpaddr in processsdp processsdp declares union nfinetaddr rtpaddr on the stack and passes it to the nfnatsip sdpsession hook after walking the SDP media descriptions. However...
CVE-2026-31427
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix use of uninitialized rtpaddr in processsdp processsdp declares union nfinetaddr rtpaddr on the stack and passes it to the nfnatsip sdpsession hook after walking the SDP media descriptions. However...
EUVD-2020-23996
Malware in sbrugna...
CVE-2020-36519
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...
CVE-2020-36519
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...
Spoofing
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...
CVE-2020-36519
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...