107 matches found
Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information (CVE-2024-39275)
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user. This plugin...
MiracleLinux 7 : httpd-2.4.6-97.4.0.1.el7.AXS7 (AXSA:2022-2982:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2982:01 advisory. httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790); httpd: mod_session: Heap overflow via a crafted SessionHeader...
MiracleLinux 7 : httpd24-httpd-2.4.34-23.el7.5 (AXSA:2022-3871:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3871:03 advisory. httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943); httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193); httpd: NULL...
Linux Distros Unpatched Vulnerability : CVE-2023-39275
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to...
MAL-2025-39275 Malicious code in willow-1w7vd-dwlwi-opal-project (npm)
The package willow-1w7vd-dwlwi-opal-project was found to contain malicious code...
Exploit for Improper Input Validation in Saleor
saleor-platform All Saleor services started from a single repo...
CVE-2024-39275
creationtimestamp | type | source
---|---|---
2024-09-27 20:55:15+00:00 | seen | https://t.me/cvedetector/6567...
CVE-2024-39275
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user...
CVE-2024-39275 Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user...
[SECURITY] [DSA 5653-1] gtkwave security update
Debian Security Advisory DSA-5653-1 https://www.debian.org/security/ Moritz Muehlenhoff April 03, 2024 https://www.debian.org/security/faq ...
CVE-2023-39275
creationtimestamp | type | source
---|---|---
2024-01-11 21:17:01+00:00 | seen | https://t.me/ctinow/166831...
CVE-2023-39275
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the...
CVE-2023-39275
CVE-2023-39275 affects GTKWave up to version 3.3.115, where multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing code. A crafted .lxt2 file can trigger arbitrary code execution when opened by a user. Root cause is an overflow during allocation of the value array. Remedi...
CVE-2023-39275
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the...
GTKWave LXT2 facgeometry parsing integer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1818: GTKWave LXT2 facgeometry parsing integer overflow vulnerabilities. January 8, 2024. CVE Number: CVE-2023-39273, CVE-2023-39271, CVE-2023-39274, CVE-2023-39275, CVE-2023-39272, CVE-2023-39270. SUMMARY: Multiple integer overflow vulnerabilities exist in the LXT2...
NewStart CGSL MAIN 6.06 : httpd Multiple Vulnerabilities (NS-SA-2023-1001)
The remote NewStart CGSL host, running version MAIN 6.06, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily...
NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Multiple Vulnerabilities (NS-SA-2023-0011)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow (CVE-2021-26691) ...
K20622400: Apache HTTP server vulnerability CVE-2021-39275
Security Advisory Description: ap_escape_quotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-39275) Impact: This...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1074)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring Installed WebSphere Application Server including Log4j
Summary: The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details: CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect fr...