601 matches found
GHSA-RQFJ-VV8R-XHQC nebula-mesh: Session and OIDC state cookies lack the Secure attribute
internal/web/session.go and internal/web/oidc.go set HttpOnly and SameSite=Lax on every cookie but never Secure. A single plaintext request to the origin operator on a LAN, mistyped URL, HTTP→HTTPS not strictly enforced, reverse proxy misconfiguration discloses the session. Affected All released...
CVE-2023-43688
An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. There is a Heap buffer overflow in various buffer encryption utilities...
CVE-2023-43688
An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. There is a Heap buffer overflow in various buffer encryption utilities...
CVE-2023-43686
An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service...
PT-2026-48155
An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service...
CVE-2023-43688
An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. There is a Heap buffer overflow in various buffer encryption utilities...
CVE-2023-43686
An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service...
PT-2026-48156
An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. There is a Heap buffer overflow in various buffer encryption utilities...
CVE-2023-43686
An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service...
CVE-2023-43688
An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. There is a Heap buffer overflow in various buffer encryption utilities...
CVE-2023-43686
CVE-2023-43686 affects Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). The issue arises when parsing a large number of Firefox preference files, which can cause the parser to ignore other browser configuration files, resulting in a denial of service. The connected sources confirm the ...
CVE-2023-43688
CVE-2023-43688 affects Malwarebytes 4.x and 5.x, and Nebula 2020-10-21 and later. The issue is a heap buffer overflow in various buffer encryption utilities . The CVSS metrics indicate a high base score (7.5) with a network attack vector and no user interaction. Connected documents confirm the af...
Malwarebytes 安全漏洞
Malwarebytes is an application software developed by the American company Malwarebytes, which provides anti-malware capabilities for devices. This software is designed to protect against viruses, spyware, Trojan horses, worms, dialers, and other malicious software. Versions of Malwarebytes 4.x an...
Malwarebytes 安全漏洞
Malwarebytes is an application software developed by the American company Malwarebytes, which provides anti-malware capabilities for devices. This software is designed to protect against viruses, spyware, Trojan horses, worms, dialers, and other malicious software. Versions of Malwarebytes 4.x an...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the lack of CSRF protection on /ui/ mutating endpoints. An attacker can perform unauthorized actions on behalf of an authenticated user by tricking them into submitting crafted requests, such as...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the lack of CSRF protection on /ui/ mutating endpoints. An attacker can perform unauthorized actions on behalf of an authenticated user by tricking them into submitting crafted requests, such as...
secure-software-development
Secure Software Development — Notes & Exercise Writeups Perso...
OPENSUSE-SU-2026:20581-1 Security update for nebula
This update for nebula fixes the following issues: Changes in nebula: - Update to version 1.10.3: Fix an issue where blocklist bypass is possible when using curve P256 Any newly issued P256 based certificates will have their signature clamped to the low-s form. Nebula will assert the low-s...
CVE-2026-4217
A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...
CVE-2026-31849
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an...