14 matches found
EUVD-2023-0227
Malicious code in bioql PyPI...
EUVD-2022-43249
Malicious code in bioql PyPI...
Authentication Bypass
OPCFoundation.NetStandard.Opc.Ua is vulnerable to an Authentication Bypass. The vulnerability is due to improper authentication enforcement due to weaknesses in HTTPS endpoint handling, allowing an unauthorized attacker to bypass application authentication...
EulerOS Virtualization 2.10.0 : python-requests (EulerOS-SA-2023-2946)
According to the versions of the python-requests package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination...
Oracle Linux 8 : python27:2.7 (ELSA-2023-7042)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7042 advisory. - Fix CVE-2021-20095 Resolves: rhbz1955615 - Fix CVE-2019-6446 - Fix CVE-2014-1858, CVE-2014-1859: 1062009, 1062359 - Security fix for CVE-2023-40217 Resolves:...
CVE-2023-31190
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which t...
CVE-2023-32681
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...
Design/Logic Flaw
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the...
CVE-2022-3913 Rapid7 Nexpose Certificate Validation Issue
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the...
Cisco Firepower Threat Defense Software Privilege Escalation (cisco-sa-ftd-mgmt-privesc-7GqR2th)
A vulnerability in the management web server of Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly...
Cleartext Transmission of Sensitive Information in moment-timezone
Impact if Alice uses grunt data or grunt release to prepare a custom-build, moment-timezone with the latest tzdata from IANA's website and Mallory intercepts the request to IANA's unencrypted ftp server, Mallory can serve data which might exploit further stages of the moment-timezone tzdata...
PT-2022-28282 · Unknown · Moment-Timezone
Name of the Vulnerable Software and Affected Versions: moment-timezone versions prior to 0.5.35 Description: The issue arises when using grunt data or grunt release to prepare a custom build of moment-timezone with the latest tzdata from IANA's website. If an attacker intercepts the request to...
Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core
A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to trigger a stack overflow exception in a server that exposes an HTTPS endpoint...
CVE-2020-16163
An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent...