EUVD-2023-39177
Malicious code in bioql PyPI...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some mod_ssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
CVE-2022-39287
tiny-csrf is a Node.js cross-site request forgery (CSRF) protection middleware. In versions prior to 1.1.0, cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit 8eead6d and the patch will be included in version 1.1.0. Users are advise...
PT-2024-32422 · Gotenna · Gotenna Pro App +2
Name of the Vulnerable Software and Affected Versions: goTenna Pro App affected versions not specified goTenna Pro X goTenna Pro X2 Description: The issue allows an attacker to inject custom messages with any GID and Callsign into existing goTenna mesh networks using a software-defined radio. Thi...
UBUNTU-CVE-2020-29547
An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...
PT-2022-37523 · Sendmail · Sendmail
Name of the Vulnerable Software and Affected Versions: sendmail affected versions not specified Description: The issue is related to SMTP session reuse, which can lead to STARTTLS not being used even if it is offered. Recommendations: At the moment, there is no information about a newer version...