58 matches found
GHSA-27J5-2H6R-C9Q2 OpenAPI Tools OpenAPI Generator uses HTTP in various files
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...
OpenAPI Tools OpenAPI Generator uses HTTP in various files
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...
? before the @ sign allows one to bypass whitelists
Description ? before the @ sign in HTTP URLs allows one to bypass whitelists Proof of Concept Convince NodeJS HTTP client to make a request to 127.0.0.1 bypassing a google.com whitelist. const parse = require'parse-url' const http = require'http' const url = parse"http://[email protected]" if...
Command Injection in yogeshojha/rengine
✍️ Description RCE via the proxy feature of Rengine. Proxies can be added in Rengine for executables like httpx to use in a scan. This functionality can be used to inject a command and run arbitrary code. 🕵️♂️ Proof of Concept Add this as the only proxy in the proxy list in the Proxy settings:...
CVE-2021-38148
Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs...
CVE-2021-38148
Obsidian up to version 0.12.11 does not require user confirmation for non-http/https URLs, per CVE-2021-38148. The root cause is a missing user consent check when handling non-http/https links, which can lead to unintended navigation or loading of external content. The CVSS data indicates high im...
DEBIAN-CVE-2021-28117
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs that are neither https:// nor http:// based on the content of the store.kde.org web site. 5.18.7 is also a fixed version...
python3 security and bug fix update
3.6.8-15.1.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-15.1 - Patch 329 FIPS modified: Added workaround for modssl: Skip error checking in Pyhashlibfipserror Resolves: rhbz1760106 3.6.8-15 - Patch 329 that adds support for OpenSSL FIPS mode has been improved and...
CVE-2019-5448
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...
DEBIAN-CVE-2019-5448
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...
CVE-2019-5448
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...
CVE-2019-5448
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...
Authentication flaw
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...
CVE-2019-5448
CVE-2019-5448 affects Yarn; the vulnerability arises from HTTP URLs in a Yarn lockfile that can cause unencrypted authentication data to be transmitted. The connected advisories confirm Photon OS and Nessus plugins flag Yarn as affected and advise updating the Yarn package to mitigate. The exact ...
USN-2353-1: APT vulnerability
It was discovered that APT incorrectly handled certain http URLs. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to cause APT to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for...
Fedora 19 : kdelibs3-3.5.10-53.fc19 (2013-8625)
This update fixes a low-impact security issue in the KDE 3 compatibility kdelibs3 version of kiohttp where it would print passwords contained in HTTP URLs in error and debugging messages CVE-2013-2074. Note that Tenable Network Security has extracted the preceding description block directly from...
CVE-2007-6511
Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a 1 RealPlayer G2, 2 MSMSGS, or 3 StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization...
Design/Logic Flaw
Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a 1 RealPlayer G2, 2 MSMSGS, or 3 StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization...