Lucene search

3287 matches found

CVE
added 2024/10/10 10:14 p.m. · 75 views

CVE-2024-47871

CVE-2024-47871 affects Gradio, an open-source Python package for quick prototyping. The flaw is insecure communication between the FRP client and server when share=True is enabled, with no enforced HTTPS. This allows an attacker to intercept files uploaded to the Gradio server and modify response...

CVSS 9.1 · AI score 9.1 · EPSS 0.00172
Exploits 0 · References 1 · Affected Software 1
Github Security Blog
added 2024/10/10 10:8 p.m. · 17 views

Gradio uses insecure communication between the FRP client and server

Impact: What kind of vulnerability is it? Who is impacted? This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files upload...

CVSS 9.1 · AI score 6.6 · EPSS 0.00172
Exploits 0 · References 4 · Affected Software 1
Snyk
added 2024/10/10 10:4 p.m. · 1 views

Race Condition

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Race Condition in the update_root_in_config function. An attacker can redirect user traffic to a malicious server, potentially intercepting sensitive da...

CVSS 8.8 · AI score 7.1 · EPSS 0.00359
Exploits 0 · References 2
Github Security Blog
added 2024/10/10 10:4 p.m. · 16 views

Gradio has a race condition in update_root_in_config may redirect user traffic

Impact: What kind of vulnerability is it? Who is impacted? This vulnerability involves a race condition in the update_root_in_config function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect use...

CVSS 8.1 · AI score 6.8 · EPSS 0.00359
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/10/10 10:4 p.m. · 6 views

GHSA-XH2X-3MRM-FWQM Gradio has a race condition in update_root_in_config may redirect user traffic

Impact: What kind of vulnerability is it? Who is impacted? This vulnerability involves a race condition in the update_root_in_config function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect use...

CVSS 8.8 · AI score 8 · EPSS 0.00359
Exploits 0 · References 4
CNNVD
added 2024/10/10 12:0 a.m. · 3 views

Gradio security vulnerability

Gradio is an open-source Python library from Hugging Face for demonstrating machine learning models through a friendly web interface. Gradio has a security vulnerability that stems from HTTPS not being enforced on the connection. An attacker exploiting this vulnerability cou...

CVSS 9.1 · AI score 6.4 · EPSS 0.00172
Exploits 0 · References 2
Tenable Nessus
added 2024/10/09 12:0 a.m. · 10 views

CentOS 7 : thunderbird (RHSA-2021:0297)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0297 advisory. - During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...

CVSS 8.8 · AI score 7.8 · EPSS 0.01569
Exploits 1 · References 7
Positive Technologies
added 2024/10/08 12:0 a.m. · 4 views

PT-2024-7646 · Apache · Apache Lucene.Net.Replicator

Name of the Vulnerable Software and Affected Versions: Apache Lucene.Net.Replicator versions 4.8.0-beta00005 through 4.8.0-beta00016 Description: This issue is related to the deserialization of untrusted data, which can result in remote code execution or other potential unauthorized access. An...

CVSS 8.6 · AI score 8.2 · EPSS 0.01234
Exploits 0 · References 25
NVD
added 2024/10/02 5:15 p.m. · 12 views

CVE-2024-20385

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature...

CVSS 5.9 · EPSS 0.00307
Exploits 0 · References 1
Vulnrichment
added 2024/10/02 4:52 p.m. · 10 views

CVE-2024-20385 Cisco Nexus Dashboard Orchestrator SSL Certificate Validation Vulnerability

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature...

CVSS 5.9 · AI score 6.6 · EPSS 0.00307
Exploits 0 · References 1
OSV
added 2024/10/02 2:15 p.m. · 2 views

CVE-2024-44097

According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. T...

CVSS 9.8 · AI score 5.8 · EPSS 0.00152
Exploits 0 · References 1
NVD
added 2024/10/02 2:15 p.m. · 10 views

CVE-2024-44097

According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. T...

CVSS 9.8 · EPSS 0.00152
Exploits 0 · References 1
CVE
added 2024/10/02 2:6 p.m. · 42 views

CVE-2024-44097

CVE-2024-44097 : Google Nest devices are affected by a TLS trust-management flaw where the application fails to properly validate the server certificate during TLS initialization, allowing a network attacker to intercept and read data and potentially forward or inject modified data to the real se...

CVSS 9.8 · AI score 6.4 · EPSS 0.00152
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/10/02 2:6 p.m. · 23 views

CVE-2024-44097

According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. T...

EPSS 0.00152
Exploits 0 · References 1
Vulnrichment
added 2024/10/02 2:6 p.m. · 12 views

CVE-2024-44097

According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. T...

AI score 7 · EPSS 0.00152
Exploits 0 · References 1
CNNVD
added 2024/10/02 12:0 a.m. · 3 views

Cisco Nexus Dashboard security vulnerability

Cisco Nexus Dashboard is a single console from Cisco, Inc. It can simplify the operation and management of data center networks. A security vulnerability exists in Cisco Nexus Dashboard that stems from the Cisco NDO Verify Peer Certificates site management feature authenticating only when adding ...

CVSS 5.9 · AI score 6.6 · EPSS 0.00307
Exploits 0 · References 2
CNNVD
added 2024/10/02 12:0 a.m. · 3 views

Google Nest security vulnerability

Google Nest is a smart home product from the American company Google. Google Nest suffers from a trust management issue vulnerability that stems from the application failing to properly validate the server certificate when initializing a TLS connection, which can be exploited by a cyber...

CVSS 9.8 · AI score 6.7 · EPSS 0.00152
Exploits 0 · References 2
OSV
added 2024/10/01 2:47 p.m. · 1 views

USN-7050-1 ruby-devise-two-factor vulnerabilities

Benoit Côté-Jodoin and Michael Nipper discovered that Devise-Two-Factor incorrectly handled one-time password validation. An attacker could possibly use this issue to intercept and re-use a one-time password. CVE-2021-43177 Garrett Rappaport discovered that Devise-Two-Factor incorrectly handled...

CVSS 6 · AI score 5.8 · EPSS 0.00818
Exploits 0 · References 3
Tenable Nessus
added 2024/10/01 12:0 a.m. · 17 views

Ubuntu 20.04 LTS / 22.04 LTS : Devise-Two-Factor vulnerabilities (USN-7050-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7050-1 advisory. Benoit Côté-Jodoin and Michael Nipper discovered that Devise-Two-Factor incorrectly handled one-time password validation. An attacker could...

CVSS 6 · AI score 5.9 · EPSS 0.00818
Exploits 0 · References 3
OSV
added 2024/09/30 8:15 a.m. · 2 views

CVE-2024-8455

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets ca...

CVSS 5.9 · AI score 5.8 · EPSS 0.00334
Exploits 0 · References 2