
7678 matches found

OSV
added 2024/12/16 2:5 p.m. · 5 views

BIT-NODE-MIN-2021-22939

If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...

5.3 CVSS · 7.5 AI score · 0.1473 EPSS
Exploits 1 · References 10
OSV
added 2024/12/12 2:15 a.m. · 2 views

CVE-2024-54492

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic...

5.9 CVSS · 5.8 AI score
Exploits 0 · References 7
NVD
added 2024/12/12 2:15 a.m. · 14 views

CVE-2024-54492

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic...

9.8 CVSS · 0.00887 EPSS
Exploits 0 · References 7
Cvelist
added 2024/12/11 10:59 p.m. · 19 views

CVE-2024-54492

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic...

0.00887 EPSS
Exploits 0 · References 4
CVE
added 2024/12/11 10:59 p.m. · 66 views

CVE-2024-54492

CVE-2024-54492 concerns an issue where information sent over the network could be at risk due to lack of HTTPS in prior code paths. The vulnerability is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, and visionOS 2.2. Affected products include macOS and Apple mobile platfor...

9.8 CVSS · 7 AI score · 0.00887 EPSS
Exploits 0 · References 7 · Affected Software 4
Positive Technologies
added 2024/12/11 12:0 a.m. · 3 views

PT-2025-11544 · Apple · iOS +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.2; iPadOS versions prior to 18.2. Description: A user in a privileged network position may be able to leak sensitive information. The issue was addressed by using HTTPS when sending information over the network...

8.5 CVSS · 8.4 AI score · 0.00243 EPSS
Exploits 0 · References 11
Tenable Nessus
added 2024/12/11 12:0 a.m. · 7 views

Oracle Siebel Server (July 2024 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM component: Repository Utilities zlib. Supported versions that are affected...

9.8 CVSS · 6.9 AI score · 0.1593 EPSS
Exploits 1 · References 4
Tenable Nessus
added 2024/12/11 12:0 a.m. · 11 views

Oracle Siebel Server <= 24.2 (July 2024 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM component: EAI, UI Apache Tomcat. Supported versions that are affected are...

7.5 CVSS · 7.3 AI score · 0.91153 EPSS
Exploits 2 · References 5
NVD
added 2024/12/09 7:15 p.m. · 29 views

CVE-2024-54147

Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates, allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks (e.g. public wifi, malicious DNS servers) may have all GraphQL...

6.8 CVSS · 0.00178 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/12/09 6:55 p.m. · 11 views

CVE-2024-54147 Altair GraphQL Client's desktop app does not validate HTTPS certificates

Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates, allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks (e.g. public wifi, malicious DNS servers) may have all GraphQL...

6.8 CVSS · 7 AI score · 0.00178 EPSS
Exploits 0 · References 2
CVE
added 2024/12/09 6:55 p.m. · 103 views

CVE-2024-54147

The CVE-2024-54147 entry covers Altair GraphQL Client (desktop) prior to version 8.0.5, where the application does not validate HTTPS certificates. This weakness enables a man-in-the-middle on untrusted networks to intercept GraphQL request/response headers and bodies (including authorization tok...

6.8 CVSS · 6.6 AI score · 0.00178 EPSS
Exploits 0 · References 2
Cvelist
added 2024/12/09 6:55 p.m. · 45 views

CVE-2024-54147 Altair GraphQL Client's desktop app does not validate HTTPS certificates

Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates, allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks (e.g. public wifi, malicious DNS servers) may have all GraphQL...

6.8 CVSS · 0.00178 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/12/09 12:0 a.m. · 5 views

PT-2024-36071 · Altair · Altair GraphQL Client

Name of the Vulnerable Software and Affected Versions: Altair GraphQL Client versions prior to 8.0.5. Description: The issue arises from the Altair GraphQL Client's desktop app not validating HTTPS certificates, allowing a man-in-the-middle to intercept all requests. This can compromise GraphQL...

6.8 CVSS · 6.7 AI score · 0.00178 EPSS
Exploits 0 · References 6
Tenable Nessus
added 2024/12/06 12:0 a.m. · 14 views

Oracle Linux 8 : perl-App-cpanminus:1.7044 (ELSA-2024-10219)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-10219 advisory. - Patch the code to use https instead of http CVE-2024-45321 perl-CPAN-DistnameInfo perl-CPAN-Meta-Check perl-File-pushd perl-Module-CPANfile perl-Parse-PMFile...

9.8 CVSS · 7.8 AI score · 0.00731 EPSS
Exploits 1 · References 2
GithubExploit
added 2024/12/03 2:54 p.m. · 719 views

Exploit for Uncontrolled Resource Consumption in Ietf Http

CVE-2023-44487 - HTTP/2 Rapid Reset Exploit PoC --- Desc...

7.5 CVSS · 8 AI score · 0.99999 EPSS
Exploits 19
Oracle Linux
added 2024/11/27 12:0 a.m. · 22 views

perl-App-cpanminus:1.7044 security update

perl-App-cpanminus 1.7044-6 - Patch the code to use https instead of http CVE-2024-45321 perl-CPAN-DistnameInfo perl-CPAN-Meta-Check perl-File-pushd perl-Module-CPANfile perl-Parse-PMFile perl-String-ShellQuote perl-App-cpanminus 1.7044-6 - Patch the code to use https instead of http CVE-2024-453...

8.1 CVSS · 7 AI score · 0.00731 EPSS
Exploits 1
OSV
added 2024/11/25 9:30 a.m. · 11 views

GHSA-V3W7-G6P2-MPX7 OpenShift Console Server Side Request Forgery vulnerability

A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

6.9 CVSS · 5.1 AI score · 0.00569 EPSS
Exploits 0 · References 9
CNNVD
added 2024/11/25 12:0 a.m. · 2 views

EnGenius Multiple Products Security Vulnerability

EnGenius ENH1350EXT and others are an outdoor wireless access point from EnGenius. A security vulnerability exists in several EnGenius products, which stems from an incorrect operation of the parameter httpsenable that can lead to command injection. The following products are affected: EnGenius...

7.2 CVSS · 5.2 AI score · 0.28879 EPSS
Exploits 1 · References 4
Oracle Linux
added 2024/11/25 12:0 a.m. · 25 views

perl-App-cpanminus security update

1.7044-14.1 - Patch the code to use https instead of http CVE-2024-45321 - Resolves: RHEL-56519...

8.1 CVSS · 7.5 AI score · 0.00731 EPSS
Exploits 1
NVD
added 2024/11/22 8:15 p.m. · 19 views

CVE-2023-51634

NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this...

7.5 CVSS · 0.00555 EPSS
Exploits 0 · References 2