Lucene search

12 matches found

OSV
added 2026/04/13 12:7 p.m. | 1 views

USN-8167-1 xdg-dbus-proxy vulnerability

It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept certain D-Bus messages...

CVSS 6.8 | AI score 5.8 | EPSS 0.00009
Exploits 0 | References 2
Positive Technologies
added 2026/02/16 12:0 a.m. | 3 views

PT-2026-8330

Name of the Vulnerable Software and Affected Versions: Nanobot versions prior to v0.1.3.post7. Description: The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentication for incoming connections. An...

CVSS 10 | AI score 5.5 | EPSS 0.00082
Exploits 0 | References 14
CNNVD
added 2024/09/26 12:0 a.m. | 2 views

goTenna Pro Authorization Issue Vulnerability

goTenna Pro is a series of devices from goTenna that can create networks for off-grid communication and situational awareness. An authorization issue vulnerability exists in goTenna Pro that stems from not authenticating the public key, which allows an unauthenticated attacker to intercept and...

CVSS 8.1 | AI score 6.8 | EPSS 0.00093
Exploits 0 | References 2
CNNVD
added 2021/07/09 12:0 a.m. | 1 views

Fortinet FortiMail Data Forgery Issue Vulnerability

Fortinet FortiMail is a set of e-mail security gateway products from the U.S. company Fortinet. The product provides e-mail security and data protection features. Fortinet FortiMail has a security vulnerability that allows an unauthenticated attacker to intercept encrypted messages, making it possible...

CVSS 7.5 | AI score 5.6 | EPSS 0.00109
Exploits 0 | References 3
RedhatCVE
added 2020/04/02 8:30 a.m. | 29 views

CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...

CVSS 7.5 | AI score 3.2 | EPSS 0.00587
Exploits 0 | References 2
NVD
added 2018/06/11 9:29 p.m. | 14 views

CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...

CVSS 7.5 | AI score 6.3 | EPSS 0.00587
Exploits 0 | References 11
OSV
added 2018/06/11 9:29 p.m. | 1 views

DEBIAN-CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...

CVSS 7.5 | AI score 8.1 | EPSS 0.00587
Exploits 0 | References 1
Prion
added 2018/06/11 9:29 p.m. | 14 views

Design/Logic Flaw

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...

CVSS 5 | AI score 7.4 | EPSS 0.00587
Exploits 0 | References 11 | Affected Software 10
OSV
added 2018/05/10 12:0 a.m. | 1 views

UBUNTU-CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...

CVSS 7.5 | AI score 7 | EPSS 0.00587
Exploits 0 | References 4
OpenVAS
added 2016/03/08 12:0 a.m. | 19 views

Debian: Security Advisory (DSA-3492-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 5.8 | AI score 5.8 | EPSS 0.00556
Exploits 1 | References 3
Tenable Nessus
added 2016/02/09 12:0 a.m. | 23 views

Debian DLA-413-1 : gajim security update

Affected versions of gajim allow remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. This has been fixed in squeeze-lts by version 0.13.4-3+squeeze4. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA...

CVSS 5.8 | AI score 5.5 | EPSS 0.00556
Exploits 1 | References 3
ArchLinux
added 2016/01/09 12:0 a.m. | 35 views

gajim: man-in-the-middle

It was found that gajim doesn't verify the origin of roster pushes, thus allowing third parties to modify the roster. This vulnerability allows messages to be intercepted, resulting in man-in-the-middle...

CVSS 5.8 | AI score 2.6 | EPSS 0.00556
Exploits 1 | References 3