9 matches found
EUVD-2020-18788
Malware in sbrugna...
EUVD-2022-3299
Malicious code in bioql PyPI...
Oracle Linux 8 : pcs (ELSA-2024-10987)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10987 advisory. 0.10.18-2.0.1.el810.3 - Replace HAM-logo.png with a generic one; 0.10.18-2.el810.3 - Prevented any future HTTP header-based attacks on puma/sinatra by removing...
pcs security update
0.10.18-2.0.1.el810.3 - Replace HAM-logo.png with a generic one; 0.10.18-2.el810.3 - Prevented any future HTTP header-based attacks on puma/sinatra by removing any headers not recognized by pcsd; Resolves: RHEL-65595...
OrbiTeam BSCW Server XSS / LFI / User Enumeration Vulnerabilities
OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal, cross-site scripting, HTTP header, session object manipulation, local file inclusion, and user enumeration vulnerabilities...
CVE-2020-26163
BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...
CVE-2020-26163
BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...
CVE-2020-26163
BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...
CVE-2020-26163
BigBlueButton Greenlight before 2.5.6 is affected by an HTTP header (Host and Origin) input issue that enables account takeover when a user clicks a spoofed password‑reset link. Root cause: header handling allows spoofing of origins/hosts. Impact: potential account compromise; attacks require net...