CVE-2023-49621

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.7. The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device...

CVE-2023-49251

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.7. The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device...

Amazon Linux 2 : perl-HTTP-Daemon (ALAS-2024-2405)

The version of perl-HTTP-Daemon installed on the remote host is prior to 6.01-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2405 advisory. HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which cou...

CVE-2023-5594

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted...

CVE-2023-5594

CVE-2023-5594 describes improper validation of the server’s certificate chain in the secure traffic scanning feature, causing intermediate certificates signed with MD5 or SHA-1 to be treated as trusted. Multiple sources (NVD, CVE List, CNNVD, PRION/PRION-like entries, and EUVD) tie this to ESET s...

PT-2023-7999 · Eset · Eset Security For Microsoft Sharepoint Server +12

Name of the Vulnerable Software and Affected Versions: ESET NOD32 versions affected versions not specified ESET Internet Security versions affected versions not specified ESET Smart Security Premium versions affected versions not specified ESET Security Ultimate versions affected versions not...

The vulnerability of the FortiDDoS-F software and the FortiADC web management tool lies in the use of an unauthorized intermediate policy file, allowing attackers to access confidential information.

The vulnerability of the FortiDDoS-F software and the FortiADC web management tool lies in the use of an unauthorized intermediate policy file. Exploiting this vulnerability can allow attackers to access confidential information...

PT-2023-8242 · Siemens · Simatic Cn 4100

Name of the Vulnerable Software and Affected Versions: SIMATIC CN 4100 versions prior to V2.7 Description: A vulnerability has been identified in the intermediate installation process of the SIMATIC CN 4100 communication gateway, which is related to the use of default credentials with admin...

PT-2023-8243 · Siemens · Simatic Cn 4100

Name of the Vulnerable Software and Affected Versions: SIMATIC CN 4100 versions prior to V2.7 Description: A vulnerability has been identified that allows an attacker to add their own login credentials to the device during the "intermediate installation" system state. This enables the attacker to...

PT-2023-9699 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 27.1.9 Nextcloud Server versions prior to 28.0.5 Nextcloud Server versions prior to 29.0.0 Nextcloud Enterprise Server versions prior to 21.0.9.18 Nextcloud Enterprise Server versions prior to 22.2.10.23...

Siemens QMS Automotive 安全漏洞

Siemens QMS Automotive is a quality management system for the automotive industry from Siemens, Germany. A security vulnerability exists in Siemens QMS Automotive version V12.39, which stems from a lack of security controls in the affected application to prevent unencrypted communication without...

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

Fedora 38 : perl-HTTP-Daemon (2023-748e811334)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-748e811334 advisory. 6.16 2023-02-24 03:07:14Z - Bump LWP::UserAgent to 6.37 in TestSuggests GH65 Olaf Alders ---- 6.15 2023-02-22 22:02:46Z - Fix CVE-2022-31081: Inconsistent...

K15623: GnuTLS vulnerability CVE-2009-5138

Security Advisory Description GnuTLS before 2.7.6, when the GNUTLSVERIFYALLOWX509V1CACRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new...

K14903688: BIG-IP SSL Profile OCSP Authentication security exposure

Security Advisory Description The BIG-IP system does not properly verify the revocation of intermediate CA certificates when querying Online Certificate Status Protocol OCSP servers and may allow unauthorized connections. This issue occurs when all of the following conditions are met: You have a...

SUSE CVE-2003-0432

Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the 1 BGP, 2 WTP, 3 DNS, 4 802.11, 5 ISAKMP, 6 WSP, 7 CLNP, 8 ISIS, and 9 RMI dissectors...

SUSE CVE-2005-3241

Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote attackers to cause a denial of service memory consumption via unspecified vectors in the 1 ISAKMP, 2 FC-FCS, 3 RSVP, and 4 ISIS LSP dissector...