837 matches found

ATTACKERKB
added 2024/05/03 2:15 a.m., 2 views

CVE-2023-38123

Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to explo...

CVSS 8.8 | AI score 7.2 | EPSS 0.01132
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2024/05/03 1:59 a.m., 20 views

CVE-2023-38123 Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability

Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to explo...

CVSS 7.5 | AI score 6.9 | EPSS 0.01132
Exploits 0 | References 2
CVE
added 2024/05/03 1:59 a.m., 61 views

CVE-2023-38123

Inductive Automation Ignition OPC UA Quick Client contains an authentication bypass in the server configuration that controls access to password-change functionality. The vulnerability allows remote attackers to bypass authentication after the user visits a malicious page or opens a malicious fil...

CVSS 8.8 | AI score 7.7 | EPSS 0.01132
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2024/04/19 8:49 p.m., 19 views

CVE-2024-31992 Mealie contains a DoS vulnerability in recipe importer

Mealie is a self-hosted recipe manager and meal planner. Prior to 1.4.0, the safescrapehtml function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeout on requests, it...

CVSS 6.5 | AI score 6.5 | EPSS 0.00716
Exploits 0 | References 4
Vulnrichment
added 2024/04/19 8:49 p.m., 12 views

CVE-2024-31992 Mealie contains a DoS vulnerability in recipe importer

Mealie is a self-hosted recipe manager and meal planner. Prior to 1.4.0, the safescrapehtml function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeout on requests, it...

CVSS 6.5 | AI score 6.8 | EPSS 0.00716
Exploits 0 | References 4
OSV
added 2024/04/08 2:15 p.m., 3 views

AZL-39797 CVE-2024-2511 affecting package nodejs for versions less than 20.14.0-1

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in...

CVSS 5.9 | AI score 6.6 | EPSS 0.54026
Exploits 0 | References 1
Tenable Nessus
added 2024/04/08 12:00 a.m., 110 views

OpenSSL 3.2.0 < 3.2.2 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.2.2 advisory. - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the function...

CVSS 7.5 | AI score 7.2 | EPSS 0.54026
Exploits 0 | References 9
Vulnrichment
added 2024/04/02 4:40 p.m., 11 views

CVE-2024-2435 Stored XSS in Timeline View

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

CVSS 4.3 | AI score 5.9 | EPSS 0.00394
Exploits 0 | References 1
OSV
added 2024/03/21 9:15 p.m., 1 view

CVE-2024-2764

A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. T...

CVSS 8.8 | AI score 6.2 | EPSS 0.0148
Exploits 1 | References 3
CNNVD
added 2024/03/15 12:00 a.m., 2 views

Tenda AC18 Security Vulnerability

Tenda AC18 is a router from Tenda, China. A security vulnerability exists in Tenda AC18 version V15.03.05.05, which is caused by a stack-based buffer overflow in the startIP parameter of the formSetPPTPServer function of the /goform/SetPptpServerCfg file...

CVSS 9 | AI score 7.5 | EPSS 0.01534
Exploits 1 | References 4
OSV
added 2024/03/06 11:10 a.m., 44 views

BIT-TOMCAT-2020-9484

When using Apache Tomcat versions 9.0.0 through 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103, if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured...

CVSS 7 | AI score 7.4 | EPSS 0.56636
Exploits 15 | References 43
OSV
added 2024/03/06 11:05 a.m., 49 views

BIT-POSTGRESQL-2021-23214

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption...

CVSS 8.1 | AI score 7.9 | EPSS 0.01901
Exploits 0 | References 6
OSV
added 2024/03/06 11:03 a.m., 11 views

BIT-PRESTASHOP-2023-39528 PrestaShop vulnerable to file reading through path traversal

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the displayAjaxEmailHTML method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are ...

CVSS 8.6 | AI score 7.3 | EPSS 0.00632
Exploits 0 | References 3
OSV
added 2024/03/06 10:56 a.m., 9 views

BIT-MASTODON-2023-42450 Mastodon Server-Side Request Forgery vulnerability

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...

CVSS 7.5 | AI score 7.5 | EPSS 0.00386
Exploits 0 | References 3
OSV
added 2024/03/06 10:50 a.m., 14 views

BIT-AKENEO-2022-46157

Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...

CVSS 8.8 | AI score 8.7 | EPSS 0.01406
Exploits 1 | References 2
NVD
added 2024/03/05 11:15 p.m., 15 views

CVE-2024-24783

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...

CVSS 5.9 | AI score 7.5 | EPSS 0.00661
Exploits 0 | References 6
CNNVD
added 2024/02/14 12:00 a.m., 3 views

F5 BIG-IP Buffer Error Vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A security vulnerability exists in F5 BIG-IP that stems from an undisclosed request that could cause the Traffic Management Microkernel (TMM) to...

CVSS 7.5 | AI score 6.7 | EPSS 0.00515
Exploits 0 | References 3
Citrix
added 2023/12/21 12:00 a.m., 6 views

Is it required to change settings on the SF side when the configuration of the DNS server changes?

It is not required to change settings on the StoreFront side when the configuration of the DNS server changes...

AI score 7
Exploits 0
CVE
added 2023/12/12 7:42 p.m., 81 views

CVE-2023-41337

Summary: CVE-2023-41337 affects the H2O HTTP server prior to 2.3.0-beta2 when configured to listen on multiple addresses/ports with backend servers from multiple entities. A malicious backend that can observe/inject client–server packets may misdirect TLS session resumption, causing HTTPS request...

CVSS 6.7 | AI score 6.3 | EPSS 0.00181
Exploits 0 | References 2 | Affected Software 1
OSV
added 2023/12/07 2:15 p.m., 5 views

CVE-2023-49424

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg...

CVSS 9.8 | AI score 5.9 | EPSS 0.00924
Exploits 1 | References 1