2052 matches found
Shopify: Inject page in admin panel via Shopify.API.pushState with protocol invalid
Disclose Token in reports Summary Some time, I found a bug the 662083. Today I found a new payload, invalid protocol are not tested correctly in filter method. Step to Reproduce See the steps in 662083, but with payload of step 02 replace to: javascript function attack const ctx =...
CVE-2020-11049
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0...
TLS Version 1.2 Protocol Detection
The remote service accepts connections encrypted using TLS 1.2. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(136318); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/13"); script_name(english:"TLS Version 1.2 Protocol Detection");...
Debian: Security Advisory (DLA-2184-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2020-12118
The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties...
CVE-2020-12118
The vulnerability CVE-2020-12118 affects Binance tss-lib prior to 1.2.0, where the keygen protocol implementation allows an attacker to craft h1 and h2 parameters, potentially compromising a signing round or exposing sensitive data from other parties. Public references indicate the remediation is...
CVE-2020-3262
CVE-2020-3262 affects Cisco Wireless LAN Controller (WLC) CAPWAP protocol handler. The issue stems from insufficient CAPWAP packet validation in the WLC software, allowing an unauthenticated, remote attacker to trigger a DoS by sending a malformed CAPWAP packet, potentially restarting the device....
CVE-2020-2805
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...
Design/Logic Flaw
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...
Grandstream GXP IP Phone Detection (SIP)
SIP based detection of Grandstream GXP IP phones. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2020-5260
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...
A QUICk Introduction to HTTP/3
HTTP/3 is the newest iteration of the HTTP protocol that improves web security and performance...
CVE-2020-1759
CVE-2020-1759 affects Red Hat Ceph Storage 4 and Red Hat OpenShift Container Storage 4.2, where the secure mode of the messenger v2 protocol (msgr2) allows nonce reuse. This enables forging authentication tags and can lead to confidentiality and integrity problems in sessions when a nonce is reus...
Denial Of Service (DoS)
pidgin is vulnerable to denial of service. Multiple NULL pointer dereference flaws were found in the Jingle extension of the Extensible Messaging and Presence Protocol (XMPP) protocol plug-in in Pidgin. A remote attacker could use these flaws to crash Pidgin via a specially-crafted Jingle multimedi...
Denial Of Service (DoS)
pidgin is vulnerable to denial of service (DoS). The vulnerability exists as multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use these flaws to crash Pidgin via a specially-crafted...
Man-in-the-middle
The Simple Protocol for Independent Computing Environments (SPICE) is vulnerable to Man-in-the-middle. A race condition was found in the way the SPICE Mozilla Firefox plug-in and the SPICE client communicated. A local attacker could use this flaw to trick the plug-in and the SPICE client into...
Man-in-the-Middle (MitM)
openssh is vulnerable to man-in-the-middle attack. A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciphertext block when a CBC mode cipher was used to encrypt SSH communication. This updat...
Denial Of Service (DoS)
Pidgin is vulnerable to Denial of Service (DoS). A NULL pointer dereference flaw was found in the way the Pidgin IRC protocol plug-in handles IRC topics. A malicious IRC server could send a specially-crafted IRC TOPIC message, which once received by Pidgin, would lead to a denial of service Pidgin...
Denial Of Service (DoS)
pidgin is vulnerable to denial of service. A denial-of-service flaw was found in Pidgin's MSN protocol handler. If a remote user was able to send, and the Pidgin user accepted, a carefully-crafted file request, it could result in Pidgin crashing...
CVE-2019-11884
A flaw was found in the Linux kernel's implementation of the Bluetooth Human Interface Device Protocol (HIDP). A local attacker with access permissions to the Bluetooth device can issue an IOCTL which will trigger the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c. This function can leak...