7624 matches found

Vulnrichment
added 2024/12/09 6:55 p.m. · 10 views

CVE-2024-54147 Altair GraphQL Client's desktop app does not validate HTTPS certificates

Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks eg. public wifi, malicious DNS servers may have all GraphQL...

CVSS 6.8 · AI score 7 · EPSS 0.00139
Exploits: 0 · References: 2
CVE
added 2024/12/09 6:55 p.m. · 102 views

CVE-2024-54147

The CVE-2024-54147 entry covers Altair GraphQL Client (desktop) prior to version 8.0.5, where the application does not validate HTTPS certificates. This weakness enables a man-in-the-middle on untrusted networks to intercept GraphQL request/response headers and bodies (including authorization tok...

CVSS 6.8 · AI score 6.6 · EPSS 0.00139
Exploits: 0 · References: 2
Positive Technologies
added 2024/12/09 12:0 a.m. · 5 views

PT-2024-36071 · Altair · Altair Graphql Client

Name of the Vulnerable Software and Affected Versions: Altair GraphQL Client versions prior to 8.0.5 Description: The issue arises from the Altair GraphQL Client's desktop app not validating HTTPS certificates, allowing a man-in-the-middle to intercept all requests. This can compromise GraphQL...

CVSS 6.8 · AI score 6.7 · EPSS 0.00139
Exploits: 0 · References: 6
Tenable Nessus
added 2024/12/06 12:0 a.m. · 12 views

Oracle Linux 8 : perl-App-cpanminus:1.7044 (ELSA-2024-10219)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10219 advisory. - Patch the code to use https instead of http CVE-2024-45321 perl-CPAN-DistnameInfo perl-CPAN-Meta-Check perl-File-pushd perl-Module-CPANfile perl-Parse-PMFile...

CVSS 9.8 · AI score 7.8 · EPSS 0.00708
Exploits: 1 · References: 2
GithubExploit
added 2024/12/03 2:54 p.m. · 713 views

Exploit for Uncontrolled Resource Consumption in Ietf Http

CVE-2023-44487 - HTTP/2 Rapid Reset Exploit PoC --- Desc...

CVSS 7.5 · AI score 8 · EPSS 0.944
Exploits: 19
Oracle linux
added 2024/11/27 12:0 a.m. · 20 views

perl-App-cpanminus:1.7044 security update

perl-App-cpanminus 1.7044-6 - Patch the code to use https instead of http CVE-2024-45321 perl-CPAN-DistnameInfo perl-CPAN-Meta-Check perl-File-pushd perl-Module-CPANfile perl-Parse-PMFile perl-String-ShellQuote perl-App-cpanminus 1.7044-6 - Patch the code to use https instead of http CVE-2024-453...

CVSS 8.1 · AI score 7 · EPSS 0.00708
Exploits: 1
OSV
added 2024/11/25 9:30 a.m. · 11 views

GHSA-V3W7-G6P2-MPX7 OpenShift Console Server Side Request Forgery vulnerability

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

CVSS 6.9 · AI score 5.1 · EPSS 0.00211
Exploits: 0 · References: 9
CNNVD
added 2024/11/25 12:0 a.m. · 1 views

Security vulnerability in multiple EnGenius products

EnGenius ENH1350EXT and others are an outdoor wireless access point from EnGenius. A security vulnerability exists in several EnGenius products, which stems from an incorrect operation of the parameter httpsenable that can lead to command injection. The following products are affected: EnGenius...

CVSS 7.2 · AI score 5.2 · EPSS 0.00773
Exploits: 1 · References: 4
Oracle linux
added 2024/11/25 12:0 a.m. · 21 views

perl-App-cpanminus security update

1.7044-14.1 - Patch the code to use https instead of http CVE-2024-45321 - Resolves: RHEL-56519...

CVSS 8.1 · AI score 7.5 · EPSS 0.00708
Exploits: 1
NVD
added 2024/11/22 8:15 p.m. · 11 views

CVE-2023-51634

NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this...

CVSS 7.5 · EPSS 0.00829
Exploits: 0 · References: 2
CVE
added 2024/11/22 8:4 p.m. · 49 views

CVE-2023-51634

CVE-2023-51634 affects NETGEAR RAX30 routers. The vulnerability lies in the HTTPS file-download path, where server certificate validation is improperly performed, allowing network-adjacent attackers to exploit it without authentication and execute arbitrary code with root privileges. Documented i...

CVSS 7.5 · AI score 7.8 · EPSS 0.00829
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/11/22 8:4 p.m. · 9 views

CVE-2023-51634 NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability

NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this...

CVSS 7.5 · AI score 7.4 · EPSS 0.00829
Exploits: 0 · References: 2
Veracode
added 2024/11/21 8:51 a.m. · 2 views

Cache Poisoning

libcurl.so is vulnerable to Cache Poisoning. The vulnerability is due to improper handling of HSTS cache entries in curl, where a subdomain’s HSTS expiry time can overwrite the parent domain's cache entry, causing incorrect HTTPS timeout handling. It allows an attacker to trigger insecure HTTP...

CVSS 6.5 · AI score 6.3 · EPSS 0.00745
Exploits: 1 · References: 15 · Affected Software: 2
NVD
added 2024/11/15 4:15 p.m. · 6 views

CVE-2022-20656

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system. This vulnerability is due...

CVSS 6.5 · EPSS 0.00176
Exploits: 0 · References: 2
Vulnrichment
added 2024/11/15 3:36 p.m. · 8 views

CVE-2022-20656 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system. This vulnerability is due...

CVSS 6.5 · AI score 7.3 · EPSS 0.00176
Exploits: 0 · References: 2
Cvelist
added 2024/11/15 3:36 p.m. · 22 views

CVE-2022-20656 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system. This vulnerability is due...

CVSS 6.5 · EPSS 0.00176
Exploits: 0 · References: 2
OSV
added 2024/11/15 12:19 p.m. · 1 views

OESA-2024-2389 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later th...

CVSS 6.5 · AI score 7 · EPSS 0.00745
Exploits: 1 · References: 2
OSSF Malicious Packages
added 2024/11/14 8:8 a.m. · 3 views

Malicious code in htp-https (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c2627fae79f21d1e7b7ad7f9e9ebca90c821733e520f78eb372c1ca2bd247bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1
OSV
added 2024/11/14 8:8 a.m. · 2 views

MAL-2024-10701 Malicious code in htp-https (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c2627fae79f21d1e7b7ad7f9e9ebca90c821733e520f78eb372c1ca2bd247bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1
Redos
added 2024/11/13 12:0 a.m. · 15 views

ROS-20241112-10

A vulnerability in the cross-platform BitTorrent client qBittorrent is related to the use of https URLs even after certificate validation errors. Exploitation of the vulnerability could allow an attacker acting remotely to access sensitive data and compromise their integrity. remotely to gain...

CVSS 8.1 · AI score 6.9 · EPSS 0.03935
Exploits: 2