144 matches found

Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

MiracleLinux 3 : subversion-1.6.11-12.0.1.AXS3 (AXSA:2014-230:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-230:01 advisory. Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files a...

CVSS 7.8 | AI score 7.8 | EPSS 0.27105
Exploits 0 | References 4

RedhatCVE
added 2026/01/07 9:11 a.m. | 17 views

CVE-2025-1968

Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231,...

CVSS 7.7 | AI score 7 | EPSS 0.00233
Exploits 0 | References 1

RedhatCVE
added 2025/05/21 8:28 p.m. | 3 views

CVE-2002-1968

Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and possibly other versions before 2.1.1.108.003, downloads a DOCSIS configuration file from a TFTP server running on the internal network, which allows local users to modify configuration of the modem via a malicious TFTP server...

CVSS 2.1 | AI score 6.8 | EPSS 0.00067
Exploits 0 | References 1

OpenVAS
added 2025/05/06 12:0 a.m. | 19 views

Ubuntu: Security Advisory (USN-7476-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 7.1 | EPSS 0.00251
Exploits 5 | References 2

NVD
added 2025/04/09 2:15 p.m. | 11 views

CVE-2025-1968

Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231,...

CVSS 7.7 | EPSS 0.00233
Exploits 0 | References 1

CVE
added 2025/04/09 1:33 p.m. | 76 views

CVE-2025-1968

Summary: CVE-2025-1968 is an Insufficient Session Expiration vulnerability in Progress Sitefinity. Under specific and uncommon conditions, it allows reusing Session IDs (Session Replay Attacks). Affected versions are Sitefinity 14.0–14.3, 14.4 before 14.4.8145, 15.0 before 15.0.8231, 15.1 before ...

CVSS 7.7 | AI score 7 | EPSS 0.00233
Exploits 0 | References 1

Cvelist
added 2025/04/09 1:33 p.m. | 10 views

CVE-2025-1968

Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231,...

CVSS 7.7 | EPSS 0.00233
Exploits 0 | References 1

Vulnrichment
added 2025/04/09 1:33 p.m. | 3 views

CVE-2025-1968

Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231,...

CVSS 7.7 | AI score 7.6 | EPSS 0.00233
Exploits 0 | References 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-1968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme e.g., HTTPS to HTTP but...

CVSS 7.5 | AI score 7.3 | EPSS 0.0019
Exploits 1 | References 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2022-1968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free in GitHub repository vim/vim prior to 8.2. CVE-2022-1968 Note that Nessus relies on the presence of the package as reported by the vendor...

CVSS 7.8 | AI score 7.5 | EPSS 0.00422
Exploits 1 | References 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2020-1968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have...

CVSS 4.3 | AI score 6.2 | EPSS 0.01042
Exploits 0 | References 3

OpenVAS
added 2024/09/18 12:0 a.m. | 19 views

Ubuntu: Security Advisory (USN-7018-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 7.7 | EPSS 0.38894
Exploits 6 | References 2

NVD
added 2024/05/20 8:15 a.m. | 18 views

CVE-2024-1968

In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme e.g., HTTPS to HTTP but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in...

CVSS 7.5 | AI score 7.2 | EPSS 0.0019
Exploits 1 | References 2

vulnersOsv
added 2024/05/20 8:15 a.m. | 2 views

ayugespidertools (>=3.4.0 <=3.9.7), baotool (=1.0.1) +8 more potentially affected by CVE-2024-1968 via scrapy (>=2.0.1 <=2.11.1)

scrapy PYPI version =2.0.1, =3.4.0, =2.8.3, =0.3.0a0, =0.0.1, =0.1.2, =0.2.3, =0.2.1, =0.4.0, =0.8.1 Source cves: CVE-2024-1968 Source advisory: OSV:PYSEC-2024-258...

CVSS 7.5 | AI score 7.1 | EPSS 0.0019
Exploits 1

vulnersOsv
added 2024/05/20 8:15 a.m. | 1 view

article-extract (>=0.1.2 <=0.1.3), bookscrape (>=0.0.1.dev1 <=0.0.2b7) +25 more potentially affected by CVE-2024-1968 via scrapy (>=1.3.3 <=1.8.4)

scrapy PYPI version =1.3.3, =0.1.2, =0.0.1.dev1, =1.2.1.20160901, =0.0.5, =0.0.20, =0.9.3, =0.0.1, =1.0.0, =1.0.0, =1.7.2, =1.1.0, =0.1.0, =0.2.3, =0.0.1, =0.1.1, =0.1.4 and more Source cves: CVE-2024-1968 Source advisory: OSV:PYSEC-2024-258...

CVSS 7.5 | AI score 7.1 | EPSS 0.0019
Exploits 1

OSV
added 2024/05/20 8:15 a.m. | 16 views

CVE-2024-1968

In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme e.g., HTTPS to HTTP but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in...

CVSS 7.5 | AI score 6.2
Exploits 0 | References 2

vulnersOsv
added 2024/05/14 8:14 p.m. | 3 views

article-extract (>=0.1.2 <=0.1.3), ayugespidertools (>=3.4.0 <=3.9.7) +35 more potentially affected by CVE-2024-1968 via scrapy (>=1.3.3 <=2.11.1)

scrapy PYPI version =1.3.3, =0.1.2, =3.4.0, =2.8.3, =0.0.1.dev1, =1.2.1.20160901, =0.0.5, =0.3.0a0, =0.0.20, =0.9.3, =0.0.1, =0.0.1, =0.1.2, =1.0.0, =1.1.2.post0 and more Source cves: CVE-2024-1968 Source advisory: OSV:GHSA-4QQQ-9VQF-3H3F...

CVSS 7.5 | AI score 7.1 | EPSS 0.0019
Exploits 1

Tenable Nessus
added 2023/11/06 12:0 a.m. | 16 views

Rocky Linux 8 : libsndfile (RLSA-2022:1968)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1968 advisory. - An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user t...

CVSS 7.1 | AI score 6.9 | EPSS 0.00103
Exploits 1 | References 3

IBM Security Bulletins
added 2023/07/07 3:10 p.m. | 29 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2020-1968

Summary There is a vulnerability CVE-2020-1968 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the...

CVSS 4.3 | AI score 3.8 | EPSS 0.01042
Exploits 0 | Affected Software 1

Tenable Nessus
added 2023/05/07 12:0 a.m. | 17 views

EulerOS Virtualization 3.0.2.0 : vim (EulerOS-SA-2023-1736)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read in vim/vim prior to 8.2. CVE-2022-0319 - Use After Free in GitHub repository vim/vim prior to 8.2. CVE-2022-0413,...

CVSS 9.8 | AI score 5.6 | EPSS 0.01534
Exploits 48 | References 50