275 matches found
Security Bulletin: Apache Tomcat Vulnerabilities Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details CVEID:CVE-2016-8735 DESCRIPTION: Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially...
Linux Distros Unpatched Vulnerability : CVE-2016-5385
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of...
K000149797: BIND vulnerability CVE-2024-12705
Security Advisory Description Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 throug...
ALPINE-CVE-2024-12705
Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...
CVE-2024-12705
Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...
CVE-2024-20436
A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to a null pointer dereference when accessin...
HTTPS configuration between Brocade SANnav Management Portal and Brocade SAN switches (no CVE)
A security researcher reported a lack of encryption in Brocade SANnav for management protocol HTTP. The researcher states: By default, the appliance can be installed with these options: To configure HTTP or HTTPS connections between SANnav Management Portal and SAN switches, select one of the...
Softing edgeConnector Siemens Cleartext Transmission of Credentials Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 8099 by default. HTTP...
GHSA-68MJ-9PJQ-MC85 Intermittent HTTP policy bypass
Impact Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. Patches This issue affects: Cilium v1.13 between v1.13.9 and v1.13.12 inclusive Cilium v1.14...
MTN Group: CVE-2018-0296 Cisco ASA Denial of Service & Path Traversal vulnerable on [mtn.co.ug]
The Cisco Adaptive Security Appliance ASA was affected by a vulnerability in its web interface that could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service condition. In certain software releases, the vulnerability also could ha...
Moxa AWK-3121 Cleartext Transmission of Sensitive Information (CVE-2018-10690)
An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such...
July 11, 2023—KB5028171 (OS Build 20348.1850)
July 11, 2023—KB5028171 OS Build 20348.1850 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when n...
CVE-2022-20952
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance WSA, could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked...
K51663510: Apache Tomcat vulnerability CVE-2016-5388
Security Advisory Description Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect ...
K22113131: BIG-IP TMM Ram Cache vulnerability CVE-2020-5861
Security Advisory Description The TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. RAM Cache is a BIG-IP feature used to accelerate HTTP traffic and can be enabled in a Web Acceleration profile. CVE-2020-5861 Impact The...
Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900
Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-3092, CVE-2016-5385, CVE-5386, CVE-2016-5387, and CVE-2016-5388 could allow a remote attacker to wage a denial of service attack...
Nextcloud 安全漏洞
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud useroidc 1.2.1, which stems from the fact that sensitive information such as OIDC client...
CVE-2022-28861
The server in Citilog 8.0 allows an attacker in a man in the middle position between the server and its smart camera Axis M1125 to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server...
Command injection
The server in Citilog 8.0 allows an attacker in a man in the middle position between the server and its smart camera Axis M1125 to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server...
CVE-2022-28861
Citilog 8.0 is affected. The vulnerability arises in the server component that communicates with the Axis M1125 camera, enabling a man-in-the-middle adversary to observe FTP credentials in cleartext HTTP traffic between the server and the camera. Impact is credential exposure enabling FTP access ...