Apache StreamPipes Security Vulnerability
Apache StreamPipes is a self-service industrial IoT toolkit from the Apache USA Foundation that enables non-technical users to connect, analyze and explore IIoT data streams. Apache StreamPipes suffers from a security bypass vulnerability that can be exploited by an attacker to create multiple...
CVE-2024-40626 Stored Cross-site Scripting (XSS) vulnerability in Outline editor
Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror’s rendering process that leads to a Stored Cross-Site Scripting (XSS) vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other...
CVE-2024-6398
An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because oth...
CVE-2024-6398
Trellix Secure Web Gateway (SWG) has an information disclosure vulnerability (CVE-2024-6398) affecting SWG 11.x before 11.2.24 and 12.x before 12.2.10. The issue arises from a browser Same Origin Policy bypass that can cause data on customizable block pages to be disclosed to third-party websites...
PT-2024-37595 · Swg · Swg
Name of the Vulnerable Software and Affected Versions: SWG versions 11.x prior to 11.2.24; SWG versions 12.x prior to 12.2.10. Description: An information disclosure issue in SWG allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy...
Trellix Secure Web Gateway Information Disclosure Vulnerability
Trellix Secure Web Gateway (Trellix SWG) is a security gateway from FireEye USA Trellix. An information disclosure vulnerability exists in Trellix Secure Web Gateway (SWG) version 12.x prior to 12.2.10 and version 11.x prior to 11.2.24, which stems from a browser bypassing the same-origin policy unde...
SUSE CVE-2024-6611
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...
DHCP configurations for PVS
Citrix recommends a DHCP configuration that ensures a PVS target device receives the same IP address for all DHCP requests during its booted lifespan. The end result should be a target device using the same IP address it received at boot time, for the entirety of its booted lifespan. DHCP...
requests: subsequent requests to the same host ignore cert verification
An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification...
PT-2024-36797 · Longse · Longse Model Lbh30Fe200W
Name of the Vulnerable Software and Affected Versions: Longse model LBH30FE200W cameras (affected versions not specified). Description: The issue concerns Longse model LBH30FE200W cameras and products based on this device, which use telnet passwords that follow a specific pattern. Once the pattern i...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in Mozilla Firefox and Thunderbird, which can be exploited by attackers to bypass security restrictions caused b...
Astra Linux – Vulnerability in liblivemedia
Live555 version 1.08 does not handle MPEG-1 or 2 files properly. Sending two consecutive RTSP SETUP commands for the same track causes a use-after-free error and results in a crash of the daemon...
Astra Linux – Vulnerability in Firefox, Thunderbird
Offscreen Canvas did not properly prevent cross-origin tampering, which could allow access to image data from another site in violation of the same-origin policy. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...
The maintainer of chrono-english is unresponsive
All versions will encounter compilation errors with chrono version 0.4.35, due to backward incompatible API changes. User conradludgate reworked the original crate and created a fork with the same API surface called interim. The fork is better structured and passes the same test suite as...
Mozilla: Cross-Origin Image leak via Offscreen Canvas
The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy...
CVE-2024-37349
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrators' use of the management UI when the victim administrator edits the same management...