103 matches found
MiracleLinux 4 : libproxy-0.3.0-3.AXS4 (AXSA:2012-1035:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-1035:01 advisory. libproxy offers the following features: extremely small core footprint (35K); no external dependencies within libproxy core (libproxy plugins may have dependenci...
Mozilla Firefox < 3.5.4
The version of Firefox installed on the remote Windows host is prior to 3.5.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-55 advisory. - Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary co...
Mozilla Firefox < 3.5.4
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 3.5.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-55 advisory. - Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute...
Mozilla Firefox < 3.0.15
The version of Firefox installed on the remote Windows host is prior to 3.0.15. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-55 advisory. - Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary...
EUVD-2018-10231
Malware in sbrugna...
EUVD-2017-15467
Malware in sbrugna...
EUVD-2009-3354
Malware in sbrugna...
EUVD-2012-4433
Malware in sbrugna...
EUVD-2021-3012
Malicious code in bioql PyPI...
CVE-2021-43269
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...
Linux Distros Unpatched Vulnerability : CVE-2017-6410
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL potentially including Basic...
RHEL 6 : kdelibs (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kdelibs: prints passwords contained in HTTP URLs in error messages (CVE-2013-2074) - kf5-kio, kdelibs:...
SUSE CVE-2012-5580
Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment...
SUSE CVE-2017-5384
Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...
SUSE CVE-2017-6410
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL potentially including Basic Authentication credentials, a query string, or PATHINFO, which allows remote attackers to obtain sensitive information via a crafted PAC file...
SUSE CVE-2018-18506
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...
CentOS 7 : firefox (RHSA-2022:5479)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5479 advisory. - If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to...
CentOS 7 : thunderbird (RHSA-2022:5480)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5480 advisory. - If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to...
USN-5512-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass CSP restrictions, or execute...
Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2022:5479)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:5479-1 advisory. - Mozilla: CSP sandbox header without allow-scripts can be bypassed via retargeted javascript: URI (CVE-2022-34468) - Mozilla: Use-after-free in...