Lucene search

776 matches found

NVD
added 2024/01/19 3:15 p.m., 10 views

CVE-2024-0716

A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack...

CVSS 5.3 | AI score 4.1 | EPSS 0.00063
Exploits: 1 | References: 4

CVE
added 2024/01/19 3:00 p.m., 156 views

CVE-2024-0716

CVE-2024-0716 affects Byzoro Smart S150 Management Platform v31R02B15, specifically the Backup File Handler component’s /log/download.php, where manipulation leads to information disclosure. The connected PT-2024-15776 entry provides concrete details: remote initiation is possible, attack complex...

CVSS 5.3 | AI score 5 | EPSS 0.00063
Exploits: 1 | References: 4 | Affected Software: 1

RedHat Linux
added 2024/01/18 4:31 p.m., 1 view

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

CVSS 4.2 | AI score 7.2 | EPSS 0.00056
Exploits: 0 | References: 7

Tenable Nessus
added 2024/01/12 12:00 a.m., 22 views

AlmaLinux 9 : nss (ALSA-2024:0108)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0108 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

CVSS 6.5 | AI score 7.2 | EPSS 0.00245
Exploits: 0 | References: 2

Tenable Nessus
added 2024/01/10 12:00 a.m., 76 views

Security Update for Microsoft .NET Core SDK (CVE-2024-0057)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the January 2024 advisory. - .Net Core Security Feature Bypass Vulnerability CVE-2024-0057 Note that Nessus has not tested for these issues but has...

CVSS 9.8 | AI score 7.2 | EPSS 0.03635
Exploits: 0 | References: 8

Prion
added 2024/01/09 11:15 p.m., 17 views

Design/Logic Flaw

A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told...

CVSS 2.6 | AI score 7.1 | EPSS 0.00046
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2024/01/09 11:00 p.m., 18 views

CVE-2024-0351 SourceCodester Engineers Online Portal session fixation

A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told...

CVSS 3.1 | AI score 4.5 | EPSS 0.00046
Exploits: 1 | References: 3

OpenVAS
added 2024/01/09 12:00 a.m., 23 views

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1096)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.1 | AI score 6.7 | EPSS 0.0095
Exploits: 0 | References: 2

NVD
added 2024/01/02 3:15 p.m., 7 views

CVE-2024-0188

A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity o...

CVSS 8.1 | AI score 5.3 | EPSS 0.00222
Exploits: 1 | References: 3

Cvelist
added 2024/01/02 3:00 p.m., 13 views

CVE-2024-0188 RRJ Nueva Ecija Engineer Online Portal change_password_teacher.php weak password

A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity o...

CVSS 3.1 | AI score 8.4 | EPSS 0.00222
Exploits: 1 | References: 3

CVE
added 2024/01/02 12:31 a.m., 50 views

CVE-2024-0186

Summary: CVE-2024-0186 affects HuiRan Host Reseller System up to 2.0.0. The vulnerability is in an unknown function of the HTTP POST Request Handler at /user/index/findpass?do=4, enabling weak password recovery. Exploitation is described as remote with high attack complexity and a public exploit ...

CVSS 8.1 | AI score 8.2 | EPSS 0.00066
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2023/12/31 3:15 p.m., 25 views

SQL injection

A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file member/login.php. The manipulation of the argument Mpwd leads to SQL injection. The complexity of an attack is rather high. The exploitability is told to be...

CVSS 4.3 | AI score 7.5 | EPSS 0.00047
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2023/12/29 9:31 a.m., 17 views

CVE-2023-4462 Poly VVX 601 Web Configuration Application random values

A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250,...

CVSS 3.7 | AI score 6 | EPSS 0.00446
Exploits: 2 | References: 6

OSV
added 2023/12/23 9:30 p.m., 12 views

GHSA-JPFP-XQ3P-4H3R Deis Workflow Manager race condition vulnerability

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...

CVSS 4.6 | AI score 7.5 | EPSS 0.0004
Exploits: 0 | References: 6

NVD
added 2023/12/23 8:15 p.m., 14 views

CVE-2016-15036

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...

CVSS 7.5 | EPSS 0.0004
Exploits: 0 | References: 5

Prion
added 2023/12/23 8:15 p.m., 12 views

Race condition

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...

CVSS 4.3 | AI score 7.4 | EPSS 0.0004
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2023/12/19 12:00 a.m., 35 views

Intel BIOS Firmware CVE-2022-26837 (INTEL-SA-00717)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00717 advisory. - Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access...

CVSS 7.5 | AI score 7.3 | EPSS 0.00127
Exploits: 0 | References: 2

NVD
added 2023/12/18 4:15 a.m., 7 views

CVE-2023-6908

A vulnerability, which was classified as problematic, was found in DFIRKuiper Kuiper 2.3.4. This affects the function unzip_file of the file kuiper/app/controllers/case_management.py of the component TAR Archive Handler. The manipulation of the argument dstpath leads to path traversal. It is possib...

CVSS 5.9 | EPSS 0.00127
Exploits: 0 | References: 5

Cvelist
added 2023/12/18 1:00 a.m., 14 views

CVE-2023-6908 DFIRKuiper TAR Archive case_management.py unzip_file path traversal

A vulnerability, which was classified as problematic, was found in DFIRKuiper Kuiper 2.3.4. This affects the function unzip_file of the file kuiper/app/controllers/case_management.py of the component TAR Archive Handler. The manipulation of the argument dstpath leads to path traversal. It is possib...

CVSS 3.1 | AI score 6 | EPSS 0.00127
Exploits: 0 | References: 5

Tenable Nessus
added 2023/12/15 12:00 a.m., 68 views

RHEL 7 : Red Hat Single Sign-On 7.6.6 security update on RHEL 7 (Important) (RHSA-2023:7854)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7854 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

CVSS 7.7 | AI score 6.3 | EPSS 0.02468
Exploits: 2 | References: 8