CVE-2023-51631

D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerabilit...

CVE-2023-51631 D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerabilit...

CVE-2024-1579

Incorrect Usage of Seeds in Pseudo-Random Number Generator PRNG vulnerability in Secomea GateManager Webserver modules allows Session Hijacking.This issue affects GateManager: before 11.2.624071020...

CVE-2024-1969

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Secomea GateManager webserver modules allows crash of GateManager.This issue affects GateManager: from 9.7 before 11.2.624095033...

CVE-2024-1969 Heap buffer overflow

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Secomea GateManager webserver modules allows crash of GateManager.This issue affects GateManager: from 9.7 before 11.2.624095033...

CVE-2024-1969

CVE-2024-1969 affects Secomea GateManager webserver modules. A Buffer Copy without Checking Size of Input (classic buffer overflow) can crash GateManager. Affected versions are 9.7 through 11.2.624095033. Remediation: update to a version after 11.2.624095033 (per PT-2024-18459). The available con...

CVE-2024-1579 Insufficient seeding of random number generator

Incorrect Usage of Seeds in Pseudo-Random Number Generator PRNG vulnerability in Secomea GateManager Webserver modules allows Session Hijacking.This issue affects GateManager: before 11.2.624071020...

CVE-2024-1579 Insufficient seeding of random number generator

Incorrect Usage of Seeds in Pseudo-Random Number Generator PRNG vulnerability in Secomea GateManager Webserver modules allows Session Hijacking.This issue affects GateManager: before 11.2.624071020...

CVE-2024-1579

The CVE concerns Secomea GateManager, specifically the Webserver modules, with an underlying flaw in the PRNG seeding. The root cause is Incorrect Usage of Seeds in the PRNG, which can lead to session hijacking. Affected/version info: GateManager before 11.2.624071020. Documented impact indicates...

PT-2024-18459 · Secomea · Secomea Gatemanager

Name of the Vulnerable Software and Affected Versions: Secomea GateManager versions 9.7 through 11.2.624095033 Description: A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' issue in the webserver modules of Secomea GateManager allows the crash of GateManager. Recommendations...

Information Exposure

apache-airflow is vulnerable to Information Exposure. The vulnerability is due a flaw in the "configuration" UI page when "non-sensitive-only" was set as webserver.exposeconfig configuration. An attacker can exploit this vulnerability by sending a specially crafted request to see sensitive provid...

[SECURITY] Fedora 38 Update: python-aiohttp-3.9.3-3.fc38

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

[SECURITY] Fedora 39 Update: python-aiohttp-3.9.3-3.fc39

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

[SECURITY] Fedora 40 Update: python-aiohttp-3.9.3-3.fc40

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

CVE-2024-31869

Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...

CVE-2024-31869 Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used

Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...

CVE-2024-31869

The CVE affects Apache Airflow 2.7.0–2.8.4, where an authenticated user can view sensitive provider configuration on the configuration UI if webserver.expose_config is set to non-sensitive-only; the Celery provider is noted as having sensitive configurations. Impact is information disclosure via ...

Schneider Electric Modicon M340 GoAhead Webserver Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2015-7937)

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. This plugin only works with Tenable.ot. Please visit...

CVE-2024-27575

INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI...

CVE-2023-25200

An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser...