
29 matches found

Cvelist
added 2026/05/14 4:15 p.m., 32 views

CVE-2026-44312 css_parser allows to MITM included https css urls

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | EPSS 0.00021
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-3161

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.0026
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-2104

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00207
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2020-20048

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.00593
Exploits 1 | References 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2008-4775

Malware in sbrugna...

CVSS 10 | AI score 8.6 | EPSS 0.0109
Exploits 4 | References 19

SUSE CVE
added 2024/11/03 3:48 a.m., 1 views

SUSE CVE-2024-51774

qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors...

CVSS 8.1 | AI score 7 | EPSS 0.03935
Exploits 2 | References 5

NVD
added 2024/11/02 6:15 a.m., 14 views

CVE-2024-51774

qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors...

CVSS 8.1 | EPSS 0.03935
Exploits 2 | References 3

Cvelist
added 2024/11/02 12:00 a.m., 13 views

CVE-2024-51774

qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors...

EPSS 0.03935
Exploits 2 | References 3

Veracode
added 2024/02/05 7:12 a.m., 10 views

Improper Certificate Validation

go.etcd.io/etcd is vulnerable to Improper Certificate Validation. The vulnerability is due to etcd gateway's handling of endpoint validation when the --discovery-srv flag is enabled, because it only checks for TCP reachability without ensuring that the endpoint accepted TLS connections through...

AI score 7.1
Exploits 0

SUSE CVE
added 2023/02/15 5:57 a.m., 1 views

SUSE CVE-2010-3312

Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificat...

CVSS 5.8 | AI score 6.9 | EPSS 0.00533
Exploits 0 | References 6

OSV
added 2022/09/16 12:00 a.m., 48 views

GHSA-PQW5-JMP5-PX4V parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing

parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...

CVSS 6.1 | AI score 6.3 | EPSS 0.00342
Exploits 1 | References 4

Cvelist
added 2021/08/07 2:28 a.m., 11 views

CVE-2021-38148

Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs...

AI score 9.8 | EPSS 0.00504
Exploits 0 | References 1

OPENSUSE Linux
added 2021/06/18 12:00 a.m., 27 views

Security update for htmldoc (important)

openSUSE Security Update: Security update for htmldoc Announcement ID: openSUSE-SU-2021:0895-1 Rating: important References: 1184424 Cross-References: CVE-2021-20308 CVSS scores: CVE-2021-20308 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20308 SUSE: 3.3...

CVSS 3.3 | AI score 7.5 | EPSS 0.0039
Exploits 1 | References 1

OPENSUSE Linux
added 2021/06/17 12:00 a.m., 30 views

Security update for htmldoc (important)

openSUSE Security Update: Security update for htmldoc Announcement ID: openSUSE-SU-2021:0893-1 Rating: important References: 1184424 Cross-References: CVE-2021-20308 CVSS scores: CVE-2021-20308 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20308 SUSE: 3.3...

CVSS 3.3 | AI score 7.5 | EPSS 0.0039
Exploits 1 | References 1

Prion
added 2021/01/26 6:15 p.m., 15 views

Heap overflow

Heap overflow with full parsing of HTTP response in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow OOB write. In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerabl...

CVSS 7.5 | AI score 9.6 | EPSS 0.00593
Exploits 1 | References 1 | Affected Software 1

Mageia
added 2017/03/23 7:19 a.m., 35 views

Updated kdelibs4 packages fix security vulnerability

Using a malicious PAC file, and then using exfiltration methods in the PAC function FindProxyForURL enables the attacker to expose full https URLs. This is a security issue since https URLs may contain sensitive information in the URL authentication part user:password@host, and in the path and th...

CVSS 5.5 | AI score 0.3 | EPSS 0.00182
Exploits 0 | References 2

OSV
added 2017/03/02 12:00 a.m., 0 views

UBUNTU-CVE-2017-6410

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL potentially including Basic Authentication credentials, a query string, or PATHINFO, which allows remote attackers to obtain sensitive information via a crafted PAC file...

CVSS 5.5 | AI score 7.2 | EPSS 0.00182
Exploits 0 | References 4

Tenable Nessus
added 2013/02/22 12:00 a.m., 21 views

SeaMonkey < 2.16 Multiple Vulnerabilities

Binary data 6693.prm...

CVSS 9.3 | AI score 8.4 | EPSS 0.02889
Exploits 4 | References 22

Tenable Nessus
added 2013/02/20 12:00 a.m., 20 views

Mozilla Thunderbird < 17.0.3 Multiple Vulnerabilities

Binary data 6692.prm...

CVSS 9.3 | AI score 8.4 | EPSS 0.02889
Exploits 4 | References 22

Tenable Nessus
added 2013/02/20 12:00 a.m., 32 views

Mozilla Thunderbird < 17.0.3 Multiple Vulnerabilities

The installed version of Thunderbird is earlier than 17.0.3 and thus, is potentially affected by the following security issues : - Numerous memory safety errors exist. CVE-2013-0783, CVE-2013-0784 - An out-of-bounds read error exists related to the handling of GIF images. CVE-2013-0772 - An error...

CVSS 9.3 | AI score 8.6 | EPSS 0.02889
Exploits 4 | References 22