CVE-2023-51634

CVE-2023-51634 affects NETGEAR RAX30 routers. The vulnerability lies in the HTTPS file-download path, where server certificate validation is improperly performed, allowing network-adjacent attackers to exploit it without authentication and execute arbitrary code with root privileges. Documented i...

CVE-2023-51634 NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability

NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this...

Cache Poisoning

libcurl.so is vulnerable to Cache Poisoning. The vulnerability is due to improper handling of HSTS cache entries in curl, where a subdomain’s HSTS expiry time can overwrite the parent domain's cache entry, causing incorrect HTTPS timeout handling. It allows an attacker to trigger insecure HTTP...

CVE-2022-20656

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system. This vulnerability is due...

CVE-2022-20656 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system. This vulnerability is due...

CVE-2022-20656 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system. This vulnerability is due...

OESA-2024-2389 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later th...

MAL-2024-10701 Malicious code in htp-https (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c2627fae79f21d1e7b7ad7f9e9ebca90c821733e520f78eb372c1ca2bd247bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in htp-https (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c2627fae79f21d1e7b7ad7f9e9ebca90c821733e520f78eb372c1ca2bd247bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

ROS-20241112-10

A vulnerability in the cross-platform BitTorrent client qBittorrent is related to the use of https URLs even after certificate validation errors. Exploitation of the vulnerability could allow an attacker acting remotely to access sensitive data and compromise their integrity. remotely to gain...

Updated curl packages fix security vulnerability

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

MGASA-2024-0360 Updated curl packages fix security vulnerability

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

CVE-2024-32117

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a...

CVE-2023-47543

An authorization bypass through user-controlled key vulnerability CWE-639 in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests...

CVE-2023-47543

An authorization bypass through user-controlled key vulnerability CWE-639 in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests...

CVE-2023-47543

An authorization bypass through user-controlled key vulnerability CWE-639 in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests...

CVE-2023-47543

CVE-2023-47543 affects Fortinet FortiPortal versions 7.0.0 through 7.0.3, due to an authorization bypass via a user-controlled key vulnerability (CWE-639). An authenticated attacker could interact with resources of other organizations by sending HTTP/HTTPS requests. The connected PT-security entr...

CVE-2024-32117

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a...

CVE-2024-32117

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a...

CVE-2024-32117

The CVE-2024-32117 entry describes a path traversal (CWE-22) vulnerability in Fortinet products impacting file access. Affected are: FortiManager 7.4.0–7.4.2 and below 7.2.5, FortiAnalyzer 7.4.0–7.4.2 and below 7.2.5, and FortiAnalyzer-BigData 7.4.0 and below 7.2.7 . The issue allows a privileged...