EUVD-2010-0691

Malware in sbrugna...

Fedora: Security Advisory (FEDORA-2025-70701de9de)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-36845

The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL...

CVE-2022-20656 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system. This vulnerability is due...

SUSE CVE-2024-34447

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java 1.78, BC Java LTS 2.73.6 and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname as happens...

Etcd Gateway TLS endpoint validation only confirms TCP reachability

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv fla...

Etcd Gateway TLS endpoint validation only confirms TCP reachability

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv fla...

Cisco Evolved Programmable Network Manager和Cisco Prime Infrastructure 安全漏洞

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure are both products of Cisco Corporation.Cisco Evolved Programmable Network Manager is a network management Cisco Prime Infrastructure is a software application. Cisco Evolved Programmable Network Manager is a network...

Directory traversal

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to...

CVE-2021-34762 Cisco Firepower Management Center Software Authenticated Directory Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to...

CVE-2021-28940

Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpiedebug.php and /scripts/magpiesimple.php page that if you send a specific https url in the RS...

CVE-2018-9920

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https:///Identity/STS/Forms/Scripts URL...

New HTTPS URL Leakage Attack Leaves PCs, Macs, Linux Systems Vulnerable

LAS VEGAS — Researchers have found flaws in the Web Proxy AutoDiscovery protocol tied to DHCP and DNS servers that allow hackers spy on HTTPS-protected URLs and launch a myriad of different malicious attacks against Linux, Windows or Mac computers. According to the security firm SafeBreach, this...

Firefox ESR 17.x < 17.0.3 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR 17.x is potentially affected by the following security issues : - Numerous memory safety errors exist. CVE-2013-0783 - An error exists related to Chrome Object Wrappers COW or System Only Wrappers SOW that could allow security bypass. CVE-2013-0773 - The file...

APPLE-SA-2012-09-19-3 Safari 6.0.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-3 Safari 6.0.1 Safari 6.0.1 is now available and addresses the following: Safari Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1 Impact: Opening a maliciously crafted downloaded HTML...

CVE-2012-0479

Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid 1 RSS or 2 Atom XML content...

Code injection

Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid 1 RSS or 2 Atom XML content...

OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity,...

CVE-2010-1406

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive...

CVE-2007-5034

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...