3287 matches found

Debian CVE
added 2024/11/18 11:32 a.m., 20 views

CVE-2024-52316

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...

CVSS 9.8, AI score 8.5, EPSS 0.06287
Exploits: 1

Ubuntu
added 2024/11/18 5:27 a.m., 15 views

USN-7108-1: AsyncSSH vulnerabilities

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. (CVE-2023-46445) Fabian Bäumer, Marcus...

CVSS 6.8, AI score 6.9, EPSS 0.00867
Exploits: 0

Positive Technologies
added 2024/11/15 12:00 a.m., 3 views

PT-2024-9168 · Nextcloud +1 · Nextcloud Mail +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 1.14.6; Nextcloud Mail versions prior to 1.15.4; Nextcloud Mail versions prior to 2.2.11; Nextcloud Mail versions prior to 3.6.3; Nextcloud Mail versions prior to 3.7.7; Nextcloud Mail versions prior to 4.0.0...

CVSS 8.2, AI score 6.9, EPSS 0.00698
Exploits: 0, References: 11

BDU FSTEC
added 2024/11/14 12:00 a.m., 1 view

The vulnerability of the authentication module through the OpenID Connect protocol in NGINX web servers, related to improper session management, allows attackers to gain full access to the application.

The vulnerability of the authentication module through the OpenID Connect protocol in NGINX web servers is related to improper session management. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full access to the application by intercepting sessions...

CVSS 6.4, AI score 5.9, EPSS 0.00339
Exploits: 0, References: 5, Affected Software: 4

CVE
added 2024/11/12 1:55 a.m., 80 views

CVE-2024-49393

CVE-2024-49393 affects the email clients neomutt and mutt. The issue is that the To and Cc headers are not validated by cryptographic signing, allowing an interceptor to modify recipients and potentially compromise message confidentiality. Public documents confirm patched updates exist (e.g., Ma...

CVSS 6.5, AI score 6.3, EPSS 0.00262
Exploits: 0, References: 2, Affected Software: 2

RedhatCVE
added 2024/11/11 9:07 p.m., 14 views

CVE-2024-49393

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker that intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality...

CVSS 7.4, AI score 6.9, EPSS 0.00262
Exploits: 0, References: 3

Vulnrichment
added 2024/11/11 7:10 p.m., 11 views

CVE-2024-52288: RMAC revert to the beginning of the session in libosdp

libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected REPLY_CCRYPT or REPLY_RMAC_I may be introduced into an active stream when they should not be. Once RMAC_I message can...

CVSS 5.1, AI score 6.8, EPSS 0.00126
Exploits: 0, References: 2

OSV
added 2024/11/11 7:10 p.m., 6 views

CVE-2024-52288: RMAC revert to the beginning of the session in libosdp

libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected REPLY_CCRYPT or REPLY_RMAC_I may be introduced into an active stream when they should not be. Once RMAC_I message can...

CVSS 5.1, AI score 6.6, EPSS 0.00126
Exploits: 0, References: 4

CNNVD
added 2024/11/11 12:00 a.m., 69 views

LibOSDP security vulnerability

LibOSDP (goToMain) is an open source, cross-platform implementation of the IEC 60839-11-5 Open Surveillance Device Protocol, designed to improve interoperability between access control and security products. A security vulnerability exists in versions prior to LibOSDP 3.0.0 that stems fro...

CVSS 5.1, AI score 6.4, EPSS 0.00126
Exploits: 0, References: 1

Kaspersky
added 2024/11/09 12:00 a.m., 20 views

KLA77342 XSS vulnerability in Apache Tomcat

A cross-site scripting (XSS) vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to perform a cross-site scripting attack. Original advisories: Apache Tomcat 9.0 vulnerabilities. Exploitation: Public exploits exist for this vulnerability. Related products: Apache-Tomcat...

CVSS 6.1, AI score 5.7, EPSS 0.01676
Exploits: 1, References: 3

RedHat Linux
added 2024/11/05 11:25 a.m., 2 views

angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication

A vulnerability was found in Apache Sling Commons Messaging Mail/angus-mail, which provides a simple interface for sending emails via SMTPS in OSGi: it does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks, and can allow insecure email...

CVSS 7.4, AI score 5.7, EPSS 0.01936
Exploits: 0, References: 4

CNNVD
added 2024/10/30 12:00 a.m., 2 views

Talkatone (com.talkatone.android) application security vulnerability

The Talkatone (com.talkatone.android) application is an application for virtual phone calls from Talkatone, Inc. A security vulnerability exists in the Talkatone (com.talkatone.android) application, which originates from allowing any installed application without privileges to send a specially crafted...

CVSS 8.4, AI score 6.7, EPSS 0.00174
Exploits: 0, References: 1

Arista
added 2024/10/29 12:00 a.m., 57 views

Security Advisory 0105

Security Advisory 0105 (PDF). Date: October 29, 2024. Revision 1.0, October 29, 2024: Initial release. Description: Multiple vulnerabilities exist for the Arista Edge Threat Management - Arista NG Firewall (NGFW). 1. Description: A user with administrator privileges can...

CVSS 9.8, AI score 7.5, EPSS 0.01353
Exploits: 3

NVD
added 2024/10/24 6:15 a.m., 16 views

CVE-2024-40595

An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions (SPS) On Premise before 7.5.1 and LTS before 7.0.5.1 allows man-in-the-middle attackers to obtain access to privileged sessions on target resources by intercepting cleartext RDP protocol informatio...

CVSS 5.3, EPSS 0.00151
Exploits: 0, References: 1

Vulnrichment
added 2024/10/24 12:00 a.m., 12 views

CVE-2024-45259

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted...

AI score 6.9, EPSS 0.00221
Exploits: 1, References: 1

NVD
added 2024/10/23 11:15 a.m., 13 views

CVE-2023-50310

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

CVSS 7.5, EPSS 0.0039
Exploits: 0, References: 1

OSV
added 2024/10/23 11:15 a.m., 3 views

CVE-2023-50310

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

CVSS 7.5, AI score 5.8, EPSS 0.0039
Exploits: 0, References: 1

NVD
added 2024/10/18 9:15 a.m., 21 views

CVE-2023-49570

A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant ...

CVSS 8.6, EPSS 0.00209
Exploits: 0, References: 1

NVD
added 2024/10/18 8:15 a.m., 15 views

CVE-2023-6058

A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for...

CVSS 8.6, EPSS 0.00179
Exploits: 0, References: 1

CVE
added 2024/10/18 8:07 a.m., 45 views

CVE-2023-49570

CVE-2023-49570 affects Bitdefender Total Security through HTTPS scanning trust management. The flaw arises when the product trusts a certificate whose Basic Constraints mark it as an End Entity, enabling potential MITM where an attacker could intercept and possibly modify traffic between a user a...

CVSS 8.6, AI score 7.3, EPSS 0.00209
Exploits: 0, References: 1, Affected Software: 1