601 matches found

OSV
added 2024/06/25 1:2 p.m. · 18 views

CVE-2024-6303 Missing Authorization in Conduit

Missing authorization in Client-Server API in Conduit =0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the admins alias to a room which they control, allowing them to run commands resetting passwords, signing JSON with the...

CVSS 9.9 · AI score 7.1 · EPSS 0.00433
Exploits: 0 · References: 4
Positive Technologies
added 2024/06/25 12:0 a.m. · 3 views

PT-2024-37525 · Conduit · Conduit

Name of the Vulnerable Software and Affected Versions: Conduit versions prior to 0.7.0 Description: The issue concerns missing authorization in the Client-Server API, allowing for unauthorized removal and addition of aliases to different rooms. This can be exploited for privilege escalation by...

CVSS 9.9 · AI score 7.7 · EPSS 0.00433
Exploits: 0 · References: 4
Tenable Nessus
added 2024/06/22 12:0 a.m. · 34 views

Debian dla-3834 : libnetty-java - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3834 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3834-1 [email protected] https://www.debian.org/lts/security/...

CVSS 5.3 · AI score 6.4 · EPSS 0.0138
Exploits: 1 · References: 4
RedHat Linux
added 2024/06/20 12:39 p.m. · 4 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

CVSS 5.9 · AI score 7.3 · EPSS 0.00667
Exploits: 0 · References: 11
CNNVD
added 2024/06/18 12:0 a.m. · 3 views

AXIS OS Security Vulnerability

AXIS OS is an edge device operating system from Axis Sweden AXIS. A security vulnerability exists in AXIS OS versions 5.51 through 11.9, which stems from an O3C feature that could expose sensitive traffic between the client and the server...

CVSS 5.3 · AI score 6.8 · EPSS 0.00205
Exploits: 0 · References: 2
NVD
added 2024/06/11 1:15 p.m. · 15 views

CVE-2024-2462

Allow attackers to intercept or falsify data exchanges between the client and the server...

CVSS 6.8 · EPSS 0.00219
Exploits: 0 · References: 1
Vulnrichment
added 2024/06/11 12:48 p.m. · 7 views

CVE-2024-2462

Allow attackers to intercept or falsify data exchanges between the client and the server...

CVSS 6.8 · AI score 6.9 · EPSS 0.00219
Exploits: 0 · References: 1
CNNVD
added 2024/06/11 12:0 a.m. · 2 views

Hitachi FOXMAN-UN Security Vulnerability

Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi FOXMAN-UN that originates from a vulnerability that allows an attacker to intercept or forge data exchanges between a client and a server...

CVSS 6.8 · AI score 6.8 · EPSS 0.00219
Exploits: 0 · References: 3
OpenVAS
added 2024/06/07 12:0 a.m. · 27 views

Fedora: Security Advisory (FEDORA-2024-b8e474fbd3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 · AI score 5.7 · EPSS 0.01018
Exploits: 1 · References: 6
Fedora
added 2024/06/02 3:39 a.m. · 34 views

[SECURITY] Fedora 39 Update: glances-4.0.5-2.fc39

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface. It can also work in client/server mode. Remote monitoring could be don...

CVSS 5.3 · AI score 5.6 · EPSS 0.01018
Exploits: 1
Fedora
added 2024/06/02 1:23 a.m. · 31 views

[SECURITY] Fedora 40 Update: glances-4.0.5-2.fc40

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface. It can also work in client/server mode. Remote monitoring could be don...

CVSS 5.3 · AI score 5.6 · EPSS 0.01018
Exploits: 1
Positive Technologies
added 2024/05/30 12:0 a.m. · 2 views

PT-2024-40376 · Symfony · Symfony

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.0.x Description: The issue concerns the XMLEncoder component's failure to disable external entities when parsing XML, allowing for the inclusion of arbitrary files from the file system. This can be exploited in the Symfony2...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 5
Fedora
added 2024/04/20 2:14 a.m. · 37 views

[SECURITY] Fedora 38 Update: nghttp2-1.52.0-3.fc38

This package contains the HTTP/2 client, server and proxy programs...

CVSS 5.3 · AI score 5.4 · EPSS 0.8496
Exploits: 1
UbuntuCve
added 2024/04/18 3:15 p.m. · 34 views

CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS 6.1 · AI score 6.8 · EPSS 0.00666
Exploits: 0 · References: 6
Fedora
added 2024/02/09 1:52 a.m. · 34 views

[SECURITY] Fedora 38 Update: python-aiohttp-3.9.3-1.fc38

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

CVSS 7.5 · AI score 6.8 · EPSS 0.76875
Exploits: 16
Gentoo Linux
added 2024/01/31 12:0 a.m. · 36 views

X.Org X Server, XWayland: Multiple Vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X Server and XWayland. Please review the CVE identifiers referenced below for details. Impact The X server can be crashed by a maliciou...

CVSS 9.8 · AI score 8.5 · EPSS 0.02106
Exploits: 0
RedHat Linux
added 2024/01/10 6:38 p.m. · 1 views

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS)

A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attacker can perform an AiTM (adversary-in-the-middle) attack between the SQL client and the SQL server. This may allow the attacker to stea...

CVSS 8.7 · AI score 5.8 · EPSS 0.0118
Exploits: 0 · References: 5
Snyk
added 2024/01/09 12:0 a.m. · 2 views

Unprotected Storage of Credentials

Overview Affected versions of this package are vulnerable to Unprotected Storage of Credentials. An attacker can steal authentication credentials intended for the database server by performing an adversary-in-the-middle attack between the SQL client and the SQL server, even if the connection is...

CVSS 8.7 · AI score 7.7 · EPSS 0.0118
Exploits: 0 · References: 2
Positive Technologies
added 2023/12/25 12:0 a.m. · 3 views

PT-2023-35667 · Git +1 · Ndpi

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue is identified, potentially causing a crash. The crash occurs in the processClientServerHello and processTLSBlock...

AI score 6.9
Exploits: 0 · References: 2
Positive Technologies
added 2023/12/25 12:0 a.m. · 2 views

PT-2023-35669 · Git +1 · Ndpi

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 2 crash has been reported. The crash occurs in the processClientServerHello function, specifically in the process tls and fuz...

AI score 7
Exploits: 0 · References: 2