194 matches found
Spring Boot's RabbitMQ auto-configuration doesn't perform hostname verification when connecting to the RabbitMQ broker
When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...
CVE-2019-16209
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets LayerSSLconnections...
EUVD-2019-7021
Malware in sbrugna...
EUVD-1999-0925
Malware in sbrugna...
EUVD-2019-0153
Malware in sbrugna...
EUVD-2009-2958
Malware in sbrugna...
EUVD-2013-6294
Malware in sbrugna...
EUVD-2017-6798
Malware in sbrugna...
EUVD-2018-0172
Malware in sbrugna...
EUVD-2024-3554
Malicious code in bioql PyPI...
EUVD-2023-2332
Malicious code in bioql PyPI...
TencentOS Server 3: python27:2.7 (TSSA-2022:0112)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0112 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2022-32906
This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections...
Alibaba Cloud Linux 3 : 0112: python27:2.7 (ALINUX3-SA-2022:0112)
The remote Alibaba Cloud Linux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0112 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-11324: The urllib3 library before...
CVE-2024-56733
Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...
Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...
GHSA-4FWJ-M62Q-PP47 Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...
CVE-2024-56733 Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...
CVE-2024-56733 Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...
Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...