EUVD-2019-8507

Malware in sbrugna...

Improper Access Control

github.com/hashicorp/consul is vulnerable to Improper Access Control. The vulnerability is due to the ability to bypass HTTP header-based access rules when using headers in L7 traffic intentions, allowing unauthorized access in certain cases...

istio/envoy: Authorization bypass via null characters injection in HTTP/1.x

A flaw was found in Envoy version 1.9.0 and older, where Envoy does not reject embedded zero characters NUL, ASCII 0x0 when processing HTTP/1.x header values. This flaw allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules,...

Mozilla Thunderbird 10.x < 10.0.3 Multiple Vulnerabilities

Binary data 6352.prm...

Mozilla SeaMonkey 2.x < 2.8 Multiple Vulnerabilities

Binary data 801337.prm...

Thunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected...