752 matches found
GHSA-R2JW-C95Q-RJ29 Duplicate Advisory: cocoon Reuses a Nonce, Key Pair in Encryption
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6878-6wc2-pf5h. This link is maintained to preserve external references. Original Description: Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encryp...
The vulnerability of the `requestLetsEncryptSsl` function in the NGINX Proxy Manager’s proxy server allows a hacker to execute arbitrary code.
The vulnerability of the requestLetsEncryptSsl function in the NGINX Proxy Manager’s proxy management module is related to the lack of measures taken to sanitize data at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by adding a specially craft...
CVE-2024-46257
A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5...
CVE-2024-46256
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate...
NginxProxyManager Security Vulnerability
NginxProxyManager is a Docker container, maintained by an individual developer, for managing Nginx proxy hosts with a simple, powerful interface. A security vulnerability exists in NginxProxyManager version 2.11.3, which stems from a command injection issue in the...
CVE-2024-46256
CVE-2024-46256 affects NginxProxyManager 2.11.3 and is due to a command injection in the requestLetsEncryptSsl routine that enables remote code execution when adding a Let’s Encrypt certificate. The Red Hat/OSV/NVD entries corroborate the same vulnerability description (CVE-2024-46256) and identi...
CVE-2024-46257
CVE-2024-46257 describes a command-injection vulnerability in NginxProxyManager 2.11.3, specifically in the requestLetsEncryptSslWithDnsChallenge path, enabling remote code execution when adding a Let’s Encrypt certificate. Multiple connected sources corroborate that the flaw allows RCE and perta...
NginxProxyManager Security Vulnerability
NginxProxyManager is a Docker container, maintained by an individual developer, for managing Nginx proxy hosts with a simple, powerful interface. A security vulnerability exists in NginxProxyManager version 2.11.3, which stems from the presence of a command injection vulnerability that could allow...
CVE-2024-45838 goTenna Pro ATAK Plugin Cleartext Transmission of Sensitive Information
The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version which uses AES-256 encryption for callsigns in encrypted operation...
Express.js Cookie-Session Weak Secret Key
Express.js applications with Cookie-Session use an application key to encrypt and sign various data, including session cookies and other sensitive information. This key is typically stored in an environment variable and is used for multiple security-critical operations. When a weak or easily...
Victure PC420 Security Vulnerability
Victure PC420 is a web-based smart camera from Victure. A security vulnerability exists in the Victure PC420 version 1.1.39 that stems from the use of a hard-coded key to encrypt data...
The vulnerability of the NSS encryption component in Mozilla Firefox and Firefox ESR browsers allows attackers to gain access to protected information.
The vulnerability of the CKM_CHACHA20 font set in Mozilla Firefox and Firefox ESR browsers is related to the possibility of buffer overflow in dynamic memory. Exploiting this vulnerability can allow a malicious actor to gain access to protected information through a call to PK11_Encrypt...
Web Browser Stored Credentials
Microsoft introduced the Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the…
Mozilla Firefox and Firefox ESR Information Disclosure Vulnerability (CNVD-2024-37122)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Firefox and Firefox ESR suffer from an information disclosure vulnerability that stems from PK11_Encrypt disclosing sensitive information under certain circumstances. An...