USN-7241-1: Bind vulnerabilities
Toshifumi Sakaguchi discovered that Bind incorrectly handled many records in the additional section. A remote attacker could possibly use this issue to cause Bind to consume CPU resources, leading to a denial of service. CVE-2024-11187 Jean-François Billaud discovered that the Bind DNS-over-HTTPS...
ISC BIND security vulnerability
ISC BIND is an open source software suite from ISC that implements the DNS protocol. A security vulnerability exists in ISC BIND 9 that stems from the fact that a client using DNS-over-HTTPS (DoH) can exhaust its CPU and/or memory by injecting carefully crafted valid or invalid HTTP/2...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Bind vulnerabilities (USN-7241-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7241-1 advisory. Toshifumi Sakaguchi discovered that Bind incorrectly handled many records in the additional section. A remote attacker...
CVE-2025-24390 Missing Cookie Flags
A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. This issue affects: OTRS 7.0.X, OTRS 8.0.X, OTRS 2023.X, OTRS 2024.X...
PT-2025-2667 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: A server side request forgery issue was identified in Kibana where the "/api/fleet/health check" API could be used to send requests to internal endpoints. Due to the nature of the underlying...
CVE-2024-10497
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privileges) when the attacker sends modified HTTPS requests to the device...
CVE-2024-10497
Schneider Electric PowerLogic HDPM6000 is affected by CVE-2024-10497 (Authorization Bypass Through User-Controlled Key). The vulnerability allows an authorized attacker to modify values outside defined privileges by sending modified HTTPS requests, resulting in Elevation of Privileges. Documents ...
CVE-2024-11425
CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is sending a crafted HTTPS packet to the webserver...
CVE-2025-23677
Cross-Site Request Forgery (CSRF) vulnerability in DSmidge HTTP to HTTPS link changer by Eyga.net (https-links-in-content) allows Stored XSS. This issue affects HTTP to HTTPS link changer by Eyga.net: from n/a through <= 0.2.4...
CVE-2025-23677 WordPress HTTP to HTTPS link changer by Eyga.net plugin <= 0.2.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in DSmidge HTTP to HTTPS link changer by Eyga.net (https-links-in-content) allows Stored XSS. This issue affects HTTP to HTTPS link changer by Eyga.net: from n/a through <= 0.2.4...
CVE-2025-23677
CVE-2025-23677 is a Cross-Site Request Forgery (CSRF) vulnerability in the HTTP to HTTPS link changer by Eyga.net that enables Stored XSS. Public details originate from the Red Hat advisory and the NVD entry, which state the affected component is the Eyga.net HTTP to HTTPS link changer and that t...
WordPress HTTP to HTTPS link changer by Eyga.net plugin <= 0.2.4 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin HTTP to HTTPS link changer by Eyga.net versions <= 0.2.4...
CVE-2023-37931
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability (CWE-88) in FortiVoice Enterprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind SQL injection attack via sending crafted HTTP or HTTPS requests...
[SECURITY] Fedora 41 Update: curl-8.9.1-3.fc41
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Medium: curl
Issue Overview: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl-using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform...
CLSA-2024-1735064733 Fix CVE(s): CVE-2023-28708
SECURITY UPDATE: Missing secure attribute in session cookies with RemoteIpFilter - debian/patches/CVE-2023-28708.patch: Fix JSessionId secure attribute missing with RemoteIpFilter and X-Forwarded-Proto set to https - CVE-2023-28708...