
63 matches found

EUVD
added 2025/10/03 8:7 p.m. | views: 1

EUVD-2022-24587

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.0019
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | views: 3

EUVD-2022-34580

Malicious code in bioql PyPI...

CVSS 10 | AI score 9.2 | EPSS 0.02003
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | views: 1

EUVD-2023-12303

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.3 | EPSS 0.03903
Exploits: 4 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | views: 1

EUVD-2024-47504

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.6 | EPSS 0.00071
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:40 a.m. | views: 6

CVE-2023-0214

A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be...

CVSS 6.1 | AI score 6.2 | EPSS 0.03903
Exploits: 4 | References: 1

RedhatCVE
added 2025/05/22 10:16 p.m. | views: 7

CVE-2022-1254

A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. Thi...

CVSS 6.1 | AI score 6.9 | EPSS 0.0019
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 9:18 p.m. | views: 5

CVE-2022-2310

An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of...

CVSS 10 | AI score 7.1 | EPSS 0.02003
Exploits: 0 | References: 1

NVD
added 2024/07/15 9:15 a.m. | views: 13

CVE-2024-6398

An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because oth...

CVSS 5.3 | EPSS 0.00071
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/15 8:52 a.m. | views: 13

CVE-2024-6398

An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because oth...

CVSS 4.3 | AI score 6.5 | EPSS 0.00071
Exploits: 0 | References: 1

Cvelist
added 2024/07/15 8:52 a.m. | views: 15

CVE-2024-6398

An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because oth...

CVSS 4.3 | EPSS 0.00071
Exploits: 0 | References: 1

CVE
added 2024/07/15 8:52 a.m. | views: 44

CVE-2024-6398

Trellix Secure Web Gateway (SWG) has an information disclosure vulnerability (CVE-2024-6398) affecting SWG 11.x before 11.2.24 and 12.x before 12.2.10. The issue arises from a browser Same Origin Policy bypass that can cause data on customizable block pages to be disclosed to third-party websites...

CVSS 5.3 | AI score 6.3 | EPSS 0.00071
Exploits: 0 | References: 1 | Affected Software: 1

Malwarebytes
added 2023/12/01 2:4 p.m. | views: 22

Explained: Domain fronting

Domain fronting is a technique of using different domain names on the same HTTPS connection. Put simply, domain fronting hides your traffic when connecting to a specific website. It routes traffic through a larger platform, masking the true destination in the process. The technique became popular...

AI score 6.9
Exploits: 0

Prion
added 2023/09/13 7:15 a.m. | views: 18

Authentication flaw

A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...

CVSS 4 | AI score 6.5 | EPSS 0.00084
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/09/13 6:53 a.m. | views: 7

CVE-2023-4400

A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...

CVSS 6.2 | AI score 6.7 | EPSS 0.00084
Exploits: 0 | References: 1

CVE
added 2023/09/13 6:53 a.m. | views: 2476

CVE-2023-4400

Skyhigh Secure Web Gateway (SWG) is affected: versions 11.x prior to 11.2.14, 10.x prior to 10.2.25, and 12.x prior to 12.2.1 contain a password-management issue where authentication information stored in configuration files can be extracted via the SWG REST API because passwords are stored in pl...

CVSS 6.5 | AI score 6.5 | EPSS 0.00084
Exploits: 0 | References: 2 | Affected Software: 1

0day.today
added 2023/04/05 12:0 a.m. | views: 220

Secure Web Gateway 10.2.11 - Cross-Site Scripting Vulnerability

Exploit Title: Secure Web Gateway 10.2.11 - Cross-Site Scripting XSS Product: Secure Web Gateway Affected Versions: 10.2.11, potentially other versions Fixed Versions: 10.2.17, 11.2.6, 12.0.1 Vulnerability Type: Cross-Site Scripting Security Risk: high Vendor URL:...

CVSS 6.1 | AI score 6.4 | EPSS 0.03903
Exploits: 4

F5 Networks
added 2023/02/21 6:50 p.m. | views: 47

K40507733: The BIG-IP APM logon page may expose an XSS security risk

Security Advisory Description This issue occurs when all of the following conditions are met: You configure an authentication, authorization, and accounting AAA agent after a logon page agent in the access policy. You configure the AAA agent with a Max Logon Attempts Allowed value higher than 1...

AI score 6
Exploits: 0

0day.today
added 2023/01/26 12:0 a.m. | views: 347

Secure Web Gateway 10.2.11 Cross Site Scripting Vulnerability

Secure Web Gateway version 10.2.11 suffers from a cross site scripting vulnerability. RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure We...

CVSS 6.1 | AI score 6.2 | EPSS 0.03903
Exploits: 4

Packet Storm
added 2023/01/26 12:0 a.m. | views: 346

Secure Web Gateway 10.2.11 Cross Site Scripting

RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary content types, the primary risk...

CVSS 6.1 | AI score 0.1 | EPSS 0.03903
Exploits: 4

NVD
added 2023/01/18 11:15 a.m. | views: 8

CVE-2023-0214

A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be...

CVSS 6.1 | AI score 6 | EPSS 0.03903
Exploits: 4 | References: 1