17 matches found
CVE-2026-55568
Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials the Proxy-Authorization header, proxy userinfo in the proxy URL, or CURLOPTPROXYUSERPW...
MiracleLinux 8 : NetworkManager-1.40.16-18.el8_10.ML.1 (AXSA:2025-9552:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9552:02 advisory. Security and Bug Fixes: NetworkManager: DHCP routing options can manipulate interface-based VPN traffic CVE-2024-3661 Route to VPN server not stored in routi...
EUVD-2021-17883
Malware in sbrugna...
EUVD-2023-40616
Malicious code in bioql PyPI...
TencentOS Server 3: Bug fix of NetworkManager (Moderate) (TSSA-2025:0044)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0044 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2021-30966
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations...
Alibaba Cloud Linux 3 : 0008: NetworkManager (ALINUX3-SA-2025:0008)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0008 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-3661: DHCP can add routes to a clients...
Apple macOS 安全漏洞
Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS version 13.7, which originates from network traffic that may leak outside of a VPN tunnel...
PT-2024-31000 · Apple · Visionos +6
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7 iOS versions prior to 17.7 iPadOS versions prior to 17.7 visionOS versions prior to 2 macOS Sonoma versions prior to 14.7 macOS Sequoia versions prior to 15 Description: A logic issue was addressed with improved...
Does the TunnelVision vulnerability affect Opera’s free VPN?
Privacy Does the TunnelVision vulnerability affect Opera’s free VPN? Share June 12th, 2024 Hello! You may have heard recently about a new type of vulnerability called TunnelVision that makes it possible for a malicious actor to bypass VPN protection. So you will be happy to know that Opera’s free...
Impact of TunnelVision Vulnerability
The Palo Alto Networks Product Security Assurance team has evaluated the TunnelVision vulnerability as it relates to our products. This issue allows an attacker with the ability to send DHCP messages on the same local area network, such as a rogue Wi-Fi network, to leak traffic outside of the...
CVE-2024-3661 DHCP routing options can manipulate interface-based VPN traffic
DHCP can add routes to a client’s routing table via the classless static route option 121. VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify...
CVE-2021-47160
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mt7530: fix VLAN traffic leaks PCRMATRIX field was set to all 1's when VLAN filtering is enabled, but was not reset when it is disabled, which may cause traffic leaks: ip link add br0 type bridge vlanfiltering 1 ip link...
CVE-2021-47160
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mt7530: fix VLAN traffic leaks PCRMATRIX field was set to all 1's when VLAN filtering is enabled, but was not reset when it is disabled, which may cause traffic leaks: ip link add br0 type bridge vlanfiltering 1 ip link...
CVE-2023-36673
An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while...
Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables Affecting Cisco AnyConnect Secure Mobility Client and Cisco Secure Client
On August 8, 2023, the paper Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables was made public. The paper discusses two attacks that can cause VPN clients to leak traffic outside the protected VPN tunnel. In both instances, an attacker can manipulate routing exceptions that...
About the security content of macOS Monterey 12.1
About the security content of macOS Monterey 12.1 This document describes the security content of macOS Monterey 12.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...