5296 matches found

Cvelist
added 2022/08/08 6:26 p.m. · 24 views

CVE-2021-41615

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...

9.8 AI score · 0.01067 EPSS
Exploits: 0 · References: 2
CVE
added 2022/08/08 6:26 p.m. · 71 views

CVE-2021-41615

The CVE-2021-41615 entry relates to GoAhead WebServer 2.1.8 (websda.c) having insufficient nonce entropy because nonce calculation uses a hardcoded value (onceuponatimeinparadise) that does not comply with RFC 7616/2617 secret-data guidelines. The vulnerability is documented with a high CVSS v3.1...

9.8 CVSS · 9.4 AI score · 0.01067 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2022/08/08 12:0 a.m. · 6 views

PT-2022-11443 · Goahead · Goahead Web Server

Name of the Vulnerable Software and Affected Versions: GoAhead WebServer version 2.1.8 Description: The issue arises from insufficient nonce entropy in the websda.c file of GoAhead WebServer. This is due to the nonce calculation relying on a hardcoded value, onceuponatimeinparadise, which does no...

9.8 CVSS · 7.8 AI score · 0.01067 EPSS
Exploits: 0 · References: 5
CNNVD
added 2022/08/08 12:0 a.m. · 5 views

Embedthis Software GoAhead Security Feature Issue Vulnerability

Embedthis Software GoAhead is an open source, small embedded web server from Embedthis Software, USA. A security vulnerability exists in Embedthis Software GoAhead WebServer version 2.1.8, which stems from the fact that websda.c does not have sufficient nonce entropy, but nonce computation relies...

9.8 CVSS · 7.8 AI score · 0.01067 EPSS
Exploits: 0 · References: 4
Debian
added 2022/08/02 11:1 a.m. · 40 views

[SECURITY] [DSA 5198-1] jetty9 security update

Debian Security Advisory DSA-5198-1 [email protected] https://www.debian.org/security/ Markus Koschany August 02, 2022 https://www.debian.org/security/faq -...

7.5 CVSS · 7.3 AI score · 0.01818 EPSS
Exploits: 0
BDU FSTEC
added 2022/07/27 12:0 a.m. · 7 views

Vulnerability in the default installation configuration “[webserver] secret_key” of Airflow, software for creating, monitoring, and orchestrating data processing scenarios, that allows an attacker to gain unauthorized access to an external web server.

The vulnerability in the default installation configuration “[webserver] secret_key” of Airflow, software for creating, monitoring, and orchestrating data processing scenarios, is related to the use of pre-installed credentials. Exploiting this vulnerability could allow an attacker, operating remotely...

7.7 CVSS · 7.2 AI score · 0.23336 EPSS
Exploits: 0 · References: 5 · Affected Software: 2
Tenable Nessus
added 2022/07/27 12:0 a.m. · 40 views

Schneider Electric Modicon NULL Pointer Dereference (CVE-2022-34761)

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior - A...

7.5 CVSS · 7.1 AI score · 0.00763 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2022/07/27 12:0 a.m. · 40 views

Schneider Electric Modicon Out-of-bounds Write (CVE-2022-34759)

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior - A...

7.5 CVSS · 7.2 AI score · 0.0067 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2022/07/21 12:0 a.m. · 40 views

Siemens SCALANCE X Switch Devices Use of Insufficiently Random Values (CVE-2022-26647)

A vulnerability has been identified in SCALANCE X200-4P IRT All versions, SCALANCE X200-4P IRT All versions, SCALANCE X201-3P IRT All versions, SCALANCE X201-3P IRT All versions, SCALANCE X201-3P IRT PRO All versions, SCALANCE X201-3P IRT PRO All versions, SCALANCE X202-2IRT All versions, SCALANC...

9.8 CVSS · 7.7 AI score · 0.00996 EPSS
Exploits: 0 · References: 3
WPVulnDB
added 2022/07/18 12:0 a.m. · 30 views

MultiSafepay < 4.16.0 - Unauthenticated Arbitrary File Access

The plugin does not validate a parameter which could allow unauthenticated users to read arbitrary files on the web server...

7.5 CVSS · 4.2 AI score · 0.02118 EPSS
Exploits: 0 · Affected Software: 1
ATTACKERKB
added 2022/07/17 11:15 p.m. · 5 views

CVE-2022-31208

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...

9 CVSS · 7.6 AI score · 0.01316 EPSS
Exploits: 1 · References: 3
NVD
added 2022/07/17 11:15 p.m. · 12 views

CVE-2022-31208

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...

9 CVSS · 0.01316 EPSS
Exploits: 1 · References: 2
Prion
added 2022/07/17 11:15 p.m. · 11 views

Code injection

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...

9 CVSS · 8.9 AI score · 0.01316 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2022/07/17 10:36 p.m. · 20 views

CVE-2022-31208

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...

9.2 AI score · 0.01316 EPSS
Exploits: 1 · References: 2
OSV
added 2022/07/13 9:15 p.m. · 1 views

CVE-2022-34760

A CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module...

7.5 CVSS · 7.1 AI score
Exploits: 0 · References: 1
NVD
added 2022/07/13 9:15 p.m. · 17 views

CVE-2022-34761

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...

7.5 CVSS · 0.00763 EPSS
Exploits: 0 · References: 1
NVD
added 2022/07/13 9:15 p.m. · 18 views

CVE-2022-34759

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...

7.5 CVSS · 0.0067 EPSS
Exploits: 0 · References: 1
NVD
added 2022/07/13 9:15 p.m. · 34 views

CVE-2022-34760

A CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module...

7.5 CVSS · 0.0067 EPSS
Exploits: 0 · References: 1
Prion
added 2022/07/13 9:15 p.m. · 20 views

Design/Logic Flaw

A CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module...

5 CVSS · 7.3 AI score · 0.0067 EPSS
Exploits: 0 · References: 1 · Affected Software: 2
Prion
added 2022/07/13 9:15 p.m. · 17 views

Null pointer dereference

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...

5 CVSS · 7.4 AI score · 0.00763 EPSS
Exploits: 0 · References: 1 · Affected Software: 2