20 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-8167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. CVE-2020-8167 Note that Nessus...
Astra Linux – Vulnerability in Firefox
The incorrect domain might have been displayed in the address bar during an interrupted navigation attempt. This could have caused confusion for users and potentially led to spoofing attacks. This vulnerability affects Firefox 133 and Thunderbird 133...
UBUNTU-CVE-2024-11701
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 133 and Thunderbird 133...
Intel Dynamic Tuning Technology Security Vulnerability
Intel Dynamic Tuning Technology is a technology from Intel Corporation that enables smarter and more efficient performance management by dynamically tuning processor and system performance parameters. A security vulnerability exists in Intel Dynamic Tuning Technology, which arises from an issue...
okhttp: information disclosure via improperly used cryptographic function
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...
okhttp: information disclosure via improperly used cryptographic function
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...
Fortinet FortiManager and FortiAnalyzer Security Vulnerability
Fortinet FortiManager and Fortinet FortiAnalyzer are both products from Fortinet. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. The product is mainly used to collect network log data and analyze, report and archive...
Improper Certificate Validation
Overview: com.squareup.okhttp3:okhttp is an HTTP & HTTP/2 client for Android and Java applications. Affected versions of this package are vulnerable to Improper Certificate Validation via the verifyHostName function in OkHostnameVerifier.java. An attacker can gain unauthorized access to sensitive...
DEBIAN-CVE-2021-39686
In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2020-29613
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain...
CVE-2020-29613
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain...
Code injection
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain...
PT-2021-7984 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions 8.1 through 11. Description: The issue is related to improperly used crypto in the verifyHostName function of OkHostnameVerifier.java, which could lead to accepting a certificate for the wrong domain. This might result in remo...
CVE-2020-9903
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain...
PT-2020-20852 · Apple · iOS +2
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 13.1.2; iOS versions prior to 13.6; iPadOS versions prior to 13.6. Description: A logic issue was addressed with improved restrictions. A malicious attacker may cause Safari to suggest a password for the wrong domain...
Apple Safari Login AutoFill Component Logic Flaw Vulnerability
Apple Safari is a web browser from Apple, Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in the Safari Login AutoFill component in Apple Safari versions prior to 13.1.2, iOS versions prior to 13.6, and iPadOS versions prior ...
UBUNTU-CVE-2020-8167
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...
CVE-2020-8167
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...
CVE-2019-11699
A malicious page can briefly cause the wrong name to be highlighted as the domain name in the address bar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox 67...
HackerOne: Account recovery text message is sending a wrong domain to users.
Hey, I hope you're fine. Summary: When users set up Account recovery at the Authentication section, HackerOne sends them a text message to their updated phone number with a wrong domain link. Description: When users add a phone number at Account recovery, they get a text message on their phone number,...