
133 matches found

Tenable Nessus
added 2023/09/14 12:00 a.m., 22 views

Siemens RUGGEDCOM ROX Use of a Broken or Risky Cryptographic Algorithm (CVE-2023-36749)

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

CVSS 7.4, AI score 7.6, EPSS 0.00244
Exploits 0, References 3
CNNVD
added 2023/08/15 12:00 a.m., 3 views

Broadcom RAID Controller Security Vulnerability

The Broadcom RAID Controller is a series of RAID controllers from Broadcom Corporation. A security vulnerability exists in the Broadcom RAID Controller that stems from an insecure HTTP in the web interface that prevents the protection of the SESSIONID cookie with the SameSite attribute...

CVSS 9.8, AI score 6.8, EPSS 0.00588
Exploits 0, References 2
CNVD
added 2023/07/12 12:00 a.m., 8 views

Siemens RUGGEDCOM ROX Encryption Issue Vulnerability

RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A security vulnerability exists in the Siemens RUGGEDCOM ROX that stems from the affected device's web server supporting the insecure TLS 1.0 protocol...

CVSS 7.4, AI score 6.5, EPSS 0.00244
Exploits 0, References 1
OSV
added 2023/07/11 10:15 a.m., 1 view

CVE-2023-36749

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

CVSS 7.4, AI score 7.2, EPSS 0.00244
Exploits 0, References 1
OSV
added 2023/06/13 5:15 p.m., 2 views

CVE-2023-33620

GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack...

CVSS 5.9, AI score 5.8, EPSS 0.00709
Exploits 1, References 3
Prion
added 2023/06/13 5:15 p.m., 9 views

Design/Logic Flaw

GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack...

CVSS 2.6, AI score 5.6, EPSS 0.00709
Exploits 1, References 3, Affected Software 1
Cvelist
added 2023/06/13 12:00 a.m., 15 views

CVE-2023-33620

GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack...

AI score 5.8, EPSS 0.00709
Exploits 1, References 3
CVE
added 2023/06/13 12:00 a.m., 42 views

CVE-2023-33620

Public technical details are not provided in the connected documents. The initial description notes an insecure protocol allowing MITM in GL.iNET GL-AR750S-Ext firmware v3.215. Monitor for updates.

CVSS 5.9, AI score 5.6, EPSS 0.00709
Exploits 1, References 3, Affected Software 1
0day.today
added 2023/03/29 12:00 a.m., 288 views

Internet Download Manager v6.41 Build 3 - Remote Code Execution Vulnerability

Exploit Title: Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE) | Exploit Author: M. Akil Gündoğan | Contact: https://twitter.com/akilgundogan | Vendor Homepage: https://www.internetdownloadmanager.com/ | Software Link:...

AI score 6.8
Exploits 0
SUSE CVE
added 2023/02/15 3:36 a.m., 2 views

SUSE CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

CVSS 5.9, AI score 7, EPSS 0.00876
Exploits 0, References 3
CNNVD
added 2022/12/21 12:00 a.m., 3 views

curl Security Vulnerability

Curl is a tool used to transfer data from or to a server. There is a security vulnerability in curl that stems from an HSTS check being bypassed to trick it into continuing to use HTTP. An attacker exploiting this vulnerability could access the data on curl to read sensitive information...

CVSS 7.5, AI score 7.2, EPSS 0.17011
Exploits 1, References 18
Snyk
added 2022/11/29 12:07 p.m., 1 view

Resources Downloaded over Insecure Protocol

Overview: Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol due to improper validation of the Content-Disposition header when the filename was provided by the user. Exploiting this vulnerability results in a reflected file download (RFD) attack...

CVSS 8.8, AI score 6.9, EPSS 0.00642
Exploits 1, References 2
CNNVD
added 2022/03/03 12:00 a.m., 5 views

Vmware VMware Spring Cloud Gateway Trust Management Issue Vulnerability

Vmware VMware Spring Cloud Gateway is a gateway component from Vmware, Inc. A trust management issue vulnerability exists in VMware Spring Cloud Gateway that stems from a security bypass issue when using the HTTP2 insecure TrustManager. A local user can send a specially crafted request and connec...

CVSS 5.5, AI score 6.7, EPSS 0.04732
Exploits 0, References 4
OSV
added 2022/02/20 6:15 p.m., 1 view

UBUNTU-CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

CVSS 5.9, AI score 6.2, EPSS 0.00876
Exploits 0, References 4
CNNVD
added 2022/02/20 12:00 a.m., 3 views

Cobbler Encryption Issue Vulnerability

Cobbler is a network installation server suite that is primarily used to quickly build Linux network installation environments. A security vulnerability exists in Cobbler that stems from routines in some files that use the HTTP protocol instead of the more secure HTTPS. No details of the...

CVSS 5.9, AI score 5.6, EPSS 0.00876
Exploits 0, References 6
OSV
added 2021/07/12 4:15 p.m., 1 view

CVE-2021-29794

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556...

CVSS 7.5, AI score 6.5
Exploits 0, References 2
Positive Technologies
added 2021/05/11 12:00 a.m., 4 views

PT-2021-19572 · Jetbrains · Webstorm

Name of the Vulnerable Software and Affected Versions: JetBrains WebStorm versions prior to 2021.1. Description: The issue concerns the use of HTTP requests instead of HTTPS in JetBrains WebStorm. Recommendations: For versions prior to 2021.1, update to version 2021.1 or later to resolve the issue...

CVSS 7.5, AI score 7.5, EPSS 0.00628
Exploits 0, References 4
OSV
added 2021/04/14 4:15 p.m., 2 views

CVE-2021-27251

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of firmware updates. The issue results from a fallback to a...

CVSS 8.8, AI score 7.6, EPSS 0.00731
Exploits 0, References 2
Prion
added 2021/04/14 4:15 p.m., 16 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of firmware updates. The issue results from a fallback to a...

CVSS 8.3, AI score 8.8, EPSS 0.00731
Exploits 0, References 2, Affected Software 43
Cvelist
added 2021/04/14 3:45 p.m., 17 views

CVE-2021-27251

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of firmware updates. The issue results from a fallback to a...

CVSS 8.8, AI score 8.9, EPSS 0.00731
Exploits 0, References 2