GHSA-R3JQ-4R5C-J9HP Taipy has a Session Cookie without Secure and HTTPOnly flags
Summary: the session cookie is set without the Secure and HttpOnly flags. Details: see the referenced code (PoC screenshot, or the code linked under Occurrences below). Occurrences: https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsxL6...
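The check a practitioner would run against a finding like the Taipy one above: parse each Set-Cookie header the server emits, report which hardening attributes are missing, and produce the corrected header. This is an added example, not Taipy's code or the advisory's PoC; the cookie names and header values are constructed. Note that HttpOnly can only be set by a server-side Set-Cookie header, never from browser JavaScript via document.cookie, so a session cookie written by frontend code must be moved to the server response to get the flag at all.

```python
"""Audit and harden Set-Cookie headers for Secure / HttpOnly / SameSite (added example)."""


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, {lowercased attribute: value|True})."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        if "=" in attr:
            key, value = attr.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        else:
            attrs[attr.lower()] = True  # flag attribute such as Secure or HttpOnly
    return name, attrs


def audit_set_cookie(header_value):
    """Return (cookie name, list of findings). An empty list means the cookie is hardened."""
    name, attrs = parse_set_cookie(header_value)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        findings.append("missing SameSite")
    elif samesite.lower() == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None cookies that are not also Secure.
        findings.append("SameSite=None requires Secure")
    return name, findings


def harden_set_cookie(header_value, samesite="Lax"):
    """Append the missing attributes so the header passes audit_set_cookie()."""
    _, attrs = parse_set_cookie(header_value)
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if "secure" not in attrs:
        parts.append("Secure")
    if "httponly" not in attrs:
        parts.append("HttpOnly")
    if "samesite" not in attrs or attrs["samesite"] is True:
        parts.append(f"SameSite={samesite}")
    return "; ".join(parts)


# Constructed sample headers (not captured from any real product).
SAMPLE_HEADERS = [
    "session=abc123; Path=/",                                   # both flags missing
    "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",   # already hardened
    "tracking=xyz; Path=/; SameSite=None",                      # cross-site cookie without Secure
]


def audit_all(headers=SAMPLE_HEADERS):
    """Map each cookie header to its findings, in input order."""
    return [audit_set_cookie(h) for h in headers]


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit_set_cookie(header)
        print(f"{name}: {findings or 'OK'}")
        if findings:
            print("  hardened ->", harden_set_cookie(header))
```

Running it lists `session: ['missing Secure', 'missing HttpOnly', 'missing SameSite']` for the first header and an empty finding list for the second; `harden_set_cookie()` on the first header yields a header that audits clean.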
CVE-2024-43411
CVE-2024-43411 affects CKEditor 4.22 and later with the “version notifications” feature enabled (note: this feature is disabled by default in all CKEditor 4 LTS versions). In a highly unlikely scenario where an attacker gains control of the https://cke4.ckeditor.com domain, they could potentially...
CVE-2024-43411 CKEditor4 has a low risk cross-site scripting (XSS) vulnerability from domain takeover
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...
F5 Networks BIG-IP : Python urllib3 vulnerability (K000140711)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000140711 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the...
RHEL 8 : wget (RHSA-2024:5299)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:5299 advisory. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input ma...
Moderate: Red Hat Security Advisory: wget security update
An update for wget is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Moderate: wget security update
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...
ALSA-2024:5299 Moderate: wget security update
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...
Johnson Controls exacqVision Web Service < 24.06 Multiple Vulnerabilities
The version of the Johnson Controls exacqVision Web Service running on the remote host is prior to 24.03. It is, therefore, affected by multiple vulnerabilities. - Under certain circumstances the exacqVision Web Services does not provide sufficient protection from untrusted domains. CVE-2024-3286...
Moderate: Red Hat Security Advisory: wget security update
An update for wget is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as havi...
Fedora: Security Advisory (FEDORA-2024-a7976ba89f)
The remote host is missing an update announced via the FEDORA-2024-a7976ba89f advisory. (The indexed description is the Greenbone script's license header: SPDX-FileCopyrightText: 2024 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only; some text descriptions may be excerpted from referenced sources and are copyright of the respective right holders.)
RHEL 8 : wget (RHSA-2024:4998)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4998 advisory. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input ma...
USN-6944-1: curl vulnerability
Dov Murik discovered that curl incorrectly handled parsing ASN.1 Generalized Time fields. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents...
CVE-2024-32864
Under certain circumstances exacqVision Web Services will not enforce secure web communications HTTPS...
CVE-2024-32864 exacqVision - HTTPS Session Establishment
Under certain circumstances exacqVision Web Services will not enforce secure web communications HTTPS...
Dahua ASI7213X-T1 Generation of Error Message Containing Sensitive Information (CVE-2022-30562)
If the user enables the HTTPS function on the device, an attacker can modify the user's request packet through a man-in-the-middle attack; injecting a malicious URL into the Host header of the HTTP request results in a 302 redirect to an attacker-controlled page. This plugin only works wit...
CVE-2024-6922
Automation Anywhere Automation 360 is affected by an unauthenticated Server-Side Request Forgery (SSRF) in its web API component for v21–v32. The issue allows an attacker with access to the Control Room (HTTPS/HTTP) to elicit arbitrary requests from the server, potentially reaching internal servi...
Unencrypted Data Transmission
Puncia is vulnerable to unencrypted data transmission. The vulnerability is due to using HTTP instead of HTTPS for communication, which could allow an attacker to eavesdrop, tamper with data, or access unauthorized data...
CVE-2024-41124 Puncia Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Puncia is the official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` uses HTTP instead of HTTPS for communication, which can lead to eavesdropping, data tampering, unauthorized data access and MITM attacks. This issue has been addressed in release version 0.21 by...
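A lint for the class of bug in the Puncia entries above (and the "Unencrypted Data Transmission" entry): walk a table of API endpoint URLs, flag every entry whose scheme is not https, and rewrite cleartext http:// entries to https before any request is made. This is an added example and not Puncia's code; the `API_URLS` dict below is constructed with a placeholder host and only mirrors the shape of such a table, not the project's real values.

```python
"""Flag and upgrade cleartext http:// URLs in an API endpoint table (added example)."""
from urllib.parse import urlsplit

# Constructed sample table; the host and paths are placeholders, not Puncia's endpoints.
API_URLS = {
    "subdomain": "http://api.example.invalid/v1/subdomains",   # cleartext: the bug class
    "exploit": "https://api.example.invalid/v1/exploits",      # already TLS
    "bare": "api.example.invalid/v1/other",                    # scheme-less: ambiguous, flag it
}


def cleartext_findings(urls):
    """Return {key: reason} for every URL that is not an explicit https:// URL."""
    findings = {}
    for key, url in urls.items():
        scheme = urlsplit(url).scheme.lower()
        if scheme == "http":
            findings[key] = "cleartext http:// URL"
        elif scheme != "https":
            # "" (no scheme), ws://, ftp:// etc. are not acceptable for a credentialed API call.
            findings[key] = f"unexpected scheme {scheme!r}"
    return findings


def upgrade_to_https(urls):
    """Rewrite http:// entries to https://; leave everything else untouched for manual review."""
    upgraded = {}
    for key, url in urls.items():
        parts = urlsplit(url)
        if parts.scheme.lower() == "http":
            upgraded[key] = parts._replace(scheme="https").geturl()
        else:
            upgraded[key] = url
    return upgraded


def require_https(urls):
    """Fail closed: raise before any client code can send a request over cleartext."""
    findings = cleartext_findings(urls)
    if findings:
        raise ValueError(f"insecure API URLs: {findings}")
    return urls


if __name__ == "__main__":
    print("findings:", cleartext_findings(API_URLS))
    fixed = upgrade_to_https(API_URLS)
    print("after upgrade:", cleartext_findings(fixed))
```

Upgrading the scheme only helps if the server actually serves the API over TLS and the client verifies certificates; the `bare` entry is deliberately left for a human to resolve rather than guessed at, since a scheme-less string may be parsed as a relative path by some HTTP clients and as a host by others.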