Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-1705

Malware in sbrugna...

2.6CVSS6.1AI score0.02888EPSS
Exploits2References16
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.2 views

SUSE CVE-2009-1710

WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of 1 the host name, 2 security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property...

2.6CVSS6.7AI score0.02888EPSS
Exploits2References4
OSV
OSV
added 2022/09/16 12:0 a.m.103 views

GHSA-PQW5-JMP5-PX4V parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing

parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...

6.1CVSS6.3AI score0.00586EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/09/16 12:0 a.m.27 views

parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing

parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...

9.4CVSS6.2AI score0.00586EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2022/03/14 1:51 p.m.22 views

Improper Input Validation

url-js is vulnerable to improper input validation. The vulnerability exists in parseUrl function in parseUrl.js because the inputs are not parsed properly which allows an attacker to perform host name spoofing...

5.3CVSS4.4AI score0.00836EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2019/10/01 10:3 a.m.4 views

nodejs: Hostname spoofing in URL parser for javascript protocol

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...

4.3CVSS7.1AI score0.0405EPSS
Exploits0References4
OSV
OSV
added 2013/12/23 10:55 p.m.4 views

CVE-2013-6422

The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification CURLOPTSSLVERIFYPEER, also disables the CURLOPTSSLVERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle MITM...

4CVSS6.2AI score0.02761EPSS
Exploits0References5
Rows per page
Query Builder