27 matches found
CVE-2026-6345 Prevent password disclosure and force reset during Slack import
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of some of those passwords. Mattermost Advisory ID: MMSA-2026-00614...
MiracleLinux 4 : ruby-1.8.7.299-7.1.0.1.AXS4 (AXSA:2011-614:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-614:01 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do syste...
CVE-2021-22820
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4...
TOTOLINK A720R security vulnerability
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a stack buffer overflow vulnerability that stems from a failure to properly validate the length size o...
EUVD-2003-1254
Malware in sbrugna...
EUVD-2021-9955
Malicious code in bioql PyPI...
Amazon Linux 2023 : python3-bson, python3-pymongo, python3-pymongo-gridfs (ALAS2023-2024-614)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-614 advisory. Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged...
JVN#34232595: ASUS Router RT-AX3000 vulnerable to using sensitive cookies without 'Secure' attribute
ASUS Router RT-AX3000 provided by ASUSTeK COMPUTER INC. uses sensitive cookies without 'Secure' attribute (CWE-614). Impact: When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted 'http' connectio...
TLS Cookie without `secure` flag at https://roy.demo.phpmyfaq.de
Description: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function. This issue was found in multiple locations under the reported path. Issue background: If the secure flag is set...
Session fixation
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4...
CVE-2021-22820
CVE-2021-22820 describes a CWE-614 Insufficient Session Expiration vulnerability in Schneider Electric EVlink products. Affected are EVlink City (EVC1S22P4/EVC1S7P4), EVlink Parking (EVW2/EVF2/EVP2PE), and EVlink Smart Wallbox (EVB1A), with all versions prior to R8 V3.4.0.2. The issue allows an at...
GitHub Security Lab: [javascript] CWE-614: CodeQL query to detect if cookies are sent without the flag secure being set
This bug was reported directly to GitHub Security Lab...
D-Link DI-614+ IP Fragment Reassembly Denial of Service Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/7219/info It has been reported that the implementation of the Internet Protocol (IP) in the firmware of the D-Link DI-614+ wireless router is vulnerable to a remotely exploitable denial of service condition. The vulnerabili...
Ubuntu: Security Advisory (USN-614-1)
The remote host is missing an update for the...
D-Link DI-614+ Default Password (deprecated)
Binary data 4849.prm...
Debian: Security Advisory (DSA-614-1)
The remote host is missing an update for the Debian...
CVE-2006-1068
Affected products: Netgear 614 and 624 routers (likely VXWorks). Vulnerability: remote attacker can cause a denial of service by sending a malformed DCC SEND string to an IRC channel, leading to an IRC connection reset. Possible cause: linked to masquerading code for NAT environments; details men...
CVE-2003-1264
The CVE-2003-1264 issue affects the TFTP server used by Longshine WAP LCS-883R-AC-B and by the D-Link DI-614+ 2.0 based on it. The vulnerability enables remote attackers to download the configuration file (config.img) and other files without authentication, allowing access to the WEP secret and e...
CVE-2003-1264
TFTP server in Longshine Wireless Access Point WAP LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file config.img and other files without authentication...