31 matches found
CVE-2026-35533
mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted a...
CVE-2026-35533 mise has a local settings bypass config trust checks
mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted a...
mise-en-place Access Control Error Vulnerability
Mise-en-place is a development environment management tool developed by the individual developer JDX. It supports multiple language versions, environment variables, and task management. Mise-en-place versions 2026.2.18 through 2026.4.5 contain an access control vulnerability. This...
EUVD-2021-9566
Malicious code in bioql PyPI...
SUSE CVE-2015-5234
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks...
PT-2023-36107 · Mozilla · Ca-Certificates-Mozilla
Name of the Vulnerable Software and Affected Versions: ca-certificates-mozilla (affected versions not specified). Description: The update for ca-certificates-mozilla fixes issues related to the removal and addition of Certificate Authorities (CAs) and changes in trust settings. Specifically, it remove...
PT-2022-37540 · Mozilla · Ca-Certificates-Mozilla
Name of the Vulnerable Software and Affected Versions: ca-certificates-mozilla (affected versions not specified). Description: The update for ca-certificates-mozilla fixes issues related to the removal and addition of Certificate Authorities (CAs) and changes to trust settings. Specifically, it remove...
Improper Certificate Validation
Overview: std/crypto/x509 is a Go standard library package. Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report: On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate...
Jenkins Pipeline Access Control Error Vulnerability
Jenkins is an open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Pipeline is a suite of plugins that support the implementation and integration of continuous delivery pipelines int...
Mac malware intercepts encrypted web traffic for ad injection
Last week, Malwarebytes researcher Adam Thomas found an interesting new piece of Mac malware that exhibits some troubling behaviors, including intercepting encrypted web traffic to inject ads. Let's take a closer look at this adware, which Malwarebytes for Mac detects as OSX.SearchAwesome, to see...
icedtea security update
CentOS Errata and Security Advisory CESA-2016:0778: An update for icedtea-web is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
icedtea-web: unexpected permanent authorization of unsigned applets
It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user approval...
McAfee VirusScan Enterprise < 8.8 Patch 7 Protected Resource Access Bypass (SB10151)
The version of McAfee VirusScan Enterprise (VSE) installed on the remote Windows host is prior to 8.8 Patch 7. It is, therefore, affected by a flaw in its self-protection mechanism when applying rules to access settings, which are used to determine what applications and associated actions can be...
USN-2817-1 icedtea-web vulnerabilities
It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the .appletTrustSettings configuration file and bypass user approval. (CVE-2015-5234) Andrea Palazzo discovered that IcedTea Web incorrectly determined the orig...
icedtea-web: unexpected permanent authorization of unsigned applets
It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user approval...
IcedTea-Web Incorrect Applet URL Validation Vulnerability
IcedTea provides an open source implementation to replace the non-open-source parts of OpenJDK, and provides portability for platforms that OpenJDK currently lacks. IcedTea-Web fails to properly validate applet URLs, allowing remote attackers to build malicious HTML, trick users...
DEBIAN-CVE-2015-5234
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks...
UBUNTU-CVE-2015-5234
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks...
MGASA-2015-0376 Updated icedtea-web packages fix security vulnerabilities
Updated icedtea-web packages fix security vulnerabilities: It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user...
Updated icedtea-web packages fix security vulnerabilities
Updated icedtea-web packages fix security vulnerabilities: It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user...