7681 matches found
CVE-2024-20501
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...
CVE-2024-20499
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...
CVE-2024-20498
CVE-2024-20498 describes multiple DoS vulnerabilities in the Cisco AnyConnect VPN server used by Cisco Meraki MX and Z Series Teleworker Gateway devices. The flaws arise from insufficient validation/resource management while establishing SSL/TLS VPN sessions and handling client-supplied parameter...
CVE-2024-20498
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...
PT-2024-18670 · Cisco · Cisco Meraki Z Series Teleworker Gateway +2
Name of the Vulnerable Software and Affected Versions: Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices (affected versions not specified). Description: A vulnerability in the Cisco AnyConnect VPN server could allow an unauthenticated, remote attacker to cause a DoS condition on a...
Synology DiskStation Manager Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CVE-2020-27650)
Synology DiskStation Manager DSM before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. This plugin only works with Tenable.ot. Please...
Synology DiskStation Manager Use of Insufficiently Random Values (CVE-2018-13280)
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
CVE-2024-47530
Scout is a web-based visualizer for VCF files. An open redirect vulnerability allows phishing attacks on users by redirecting them to a malicious page. The /login API endpoint is vulnerable to an open redirect attack via the `next` parameter due to the absence of sanitization logic. Additionally, due to lac...
CVE-2024-47530 Scout contains an Open Redirect on Login via `next`
Scout is a web-based visualizer for VCF files. An open redirect vulnerability allows phishing attacks on users by redirecting them to a malicious page. The /login API endpoint is vulnerable to an open redirect attack via the `next` parameter due to the absence of sanitization logic. Additionally, due to lac...
CVE-2024-47530
CVE-2024-47530 affects gstreamer-plugins-good in SUSE open advisories. The connected documents specify the vulnerability as an uninitialized stack memory issue in the Matroska/WebM demuxer, with multiple SUSE advisories (SUSE-SU-2025:0063-1, SUSE-SU-2025:0064-1, SUSE-SU-2025:0067-1) listing this ...
CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM)...
CVE-2024-47174
CVE-2024-47174 affects Nix’s fetchurl/builtin:fetchurl in versions 1.11 through before 2.18.8 and 2.24.8, where TLS certificates were not verified on HTTPS, risking leakage of full URLs and credentials (e.g., from netrc) under MITM. TOFU-style hash misupdates could also be abused. Affected compon...
CVE-2024-47174 Credential leak when credentials are used with `<nix/fetchurl.nix>`
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM)...
Security Bulletin: Vulnerability in Python affects IBM watsonx.data
Summary: Requests have been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the Proxy-Authorization header to requests. For HTTP connections sent through the tunnel, the proxy will identify...
WordPress WP Free SSL plugin <= 1.2.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin WP Free SSL – Free SSL Certificate for WordPress and force HTTPS versions = 1.2.7...
CVE-2024-46725
creationtimestamp | type | source
---|---|---
2024-09-18 10:02:18+00:00 | seen | https://t.me/cvedetector/5924
2025-08-14 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07
2025-12-03 14:14:49+00:00 | seen | ...