98 matches found
[SECURITY] Fedora 44 Update: rust-sequoia-sop-0.37.3-4.fc44
An implementation of the Stateless OpenPGP Interface using Sequoia...
EUVD-2020-20461
Malware in sbrugna...
[SECURITY] Fedora 41 Update: rust-sequoia-sop-0.36.0-3.fc41
An implementation of the Stateless OpenPGP Interface using Sequoia...
Samsung Internet Browser SOP Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the...
RHEL 6 : icedtea-web (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - icedtea-web: SOP checks based on codebase and not applet origin CVE-2015-5236 Note that Nessus has not tested for...
CVE-2023-49803
The CVE concerns the @koa/cors middleware for koa (Node.js). Before version 5.0.0, if an allowed origin is not provided, the middleware returns Access-Control-Allow-Origin with the request’s origin, effectively bypassing the browser’s Same-Origin Policy and exposing cross-origin data as described...
Fedora: Security Advisory for rust-sequoia-sop (FEDORA-2023-1d0d71b6aa)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
libpijul (>=0.12.0 <=0.12.1), pijul (>=0.12.0 <=0.12.1) +7 more potentially affected by CVE-2023-53161 via buffered-reader (>=0.11.0 <=0.5.0)
buffered-reader CARGO version =0.11.0, =0.12.0, =0.12.0, =0.1.0, =0.1.0, =0.17.0, =0.2.0, =0.0.1, =0.1.0, =0.4.0 Source cves: CVE-2023-53161 Source advisory: OSV:RUSTSEC-2023-0039...
Fedora: Security Advisory for rust-sequoia-sop (FEDORA-2023-c08ee112f6)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 38 : rust-sequoia-octopus-librnp / rust-sequoia-sop / rust-sequoia-sq (2023-c08ee112f6)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-c08ee112f6 advisory. Rebuild for bzip2 0.4.4 CVE-2023-22895 / RUSTSEC-2023-0004. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 36 : rust-sequoia-octopus-librnp / rust-sequoia-sop / rust-sequoia-sq (2023-7bd6fbb5fa)
The remote Fedora 36 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-7bd6fbb5fa advisory. Rebuild for bzip2 0.4.4 CVE-2023-22895 / RUSTSEC-2023-0004. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora: Security Advisory for rust-sequoia-sop (FEDORA-2023-7bd6fbb5fa)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rust-sequoia-sop (FEDORA-2023-c17427d18a)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Brave Software: Brave News feeds can open arbitrary chrome: URLs
An issue was discovered in Brave Browser versions 1.46.144 and earlier. The Brave News feeds feature can be exploited to open arbitrary chrome: URLs, bypassing the Same Origin Policy (SOP) and potentially granting access to privileged URLs. An attacker could use this vulnerability to gain...
CVE-2015-5236
It was discovered that the IcedTea-Web used codebase attribute of the tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value...
CVE-2015-5236
It was discovered that the IcedTea-Web used codebase attribute of the tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value...
CVE-2015-5236
The CVE-2015-5236 entry concerns IcedTea-Web, where the codebase attribute of the HTML tag used in the SOP check is not required to match the applet’s actual origin. This could allow a malicious site to bypass Same Origin Policy by spoofing the codebase value. Public documentation provided refer...
CVE-2015-5236
It was discovered that the IcedTea-Web used codebase attribute of the tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value...
CVE-2015-5236
A flaw was discovered that IcedTea-Web did not properly determine an applet's origin when performing same-origin checks. A malicious page could use this flaw to bypass the Same Origin Policy (SOP) and access data on unrelated sites using a spoofed value for the applet's codebase attribute...
CVE-2020-27969
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and address bar spoofing...