7681 matches found

NVD
added 2024/06/27 6:15 p.m. | 15 views

CVE-2024-31916

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026...

CVSS 7.5 | EPSS 0.0055
Exploits: 0 | References: 2

OSV
added 2024/06/27 6:15 p.m. | 2 views

CVE-2024-31916

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026...

CVSS 7.5 | AI score 5.7
Exploits: 0 | References: 2

CVE
added 2024/06/27 5:45 p.m. | 58 views

CVE-2024-31916

CVE-2024-31916 (IBM OpenBMC) affects OpenBMC versions FW1050.00–FW1050.10, where the BMCWeb HTTPS server component could disclose sensitive URI content to an unauthenticated user. Root cause: improper exposure in the HTTPS server that bypasses authentication channels. Impact is limited to sensiti...

CVSS 7.5 | AI score 7.5 | EPSS 0.0055
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/06/27 5:45 p.m. | 16 views

CVE-2024-31916 IBM OpenBMC information disclosure

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026...

CVSS 7.5 | AI score 6.7 | EPSS 0.0055
Exploits: 0 | References: 2

Cvelist
added 2024/06/27 5:45 p.m. | 20 views

CVE-2024-31916 IBM OpenBMC information disclosure

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026...

CVSS 7.5 | EPSS 0.0055
Exploits: 0 | References: 2

Debian CVE
added 2024/06/25 7:39 p.m. | 34 views

CVE-2024-37894

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack...

CVSS 6.3 | AI score 6.6 | EPSS 0.06255
Exploits: 0

IBM Security Bulletins
added 2024/06/25 5:37 p.m. | 19 views

Security Bulletin: This Power System update is being released to address CVE-2024-31916

Summary: This affects the BMC's HTTPS-based Redfish interface. Note the BMC's web-based ASMI interface uses the Redfish interface. Vulnerability Details: CVEID: CVE-2024-31916. DESCRIPTION: IBM OpenBMC's BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that...

CVSS 7.5 | AI score 7.4 | EPSS 0.0055
Exploits: 0

OSSF Malicious Packages
added 2024/06/25 1:42 p.m. | 4 views

Malicious code in simple-discord-https (PyPI)

AI score 7
Exploits: 0

OSV
added 2024/06/25 1:42 p.m. | 4 views

MAL-2024-6012 Malicious code in simple-discord-https (PyPI)

AI score 7.1
Exploits: 0

OSSF Malicious Packages
added 2024/06/25 1:41 p.m. | 2 views

Malicious code in requests-https (PyPI)

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2024/06/25 1:36 p.m. | 4 views

Malicious code in httpsrequestsfast (PyPI)

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2024/06/25 1:35 p.m. | 4 views

Malicious code in fastapi-https (PyPI)

AI score 7
Exploits: 0

Packet Storm
added 2024/06/24 12:0 a.m. | 557 views

Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery

Paradox IP150 Internet Module Cross-Site Request Forgery. Link: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01ParadoxCrossSiteRequestForgery Vulnerability Overview: The Paradox IP150 Internet Module in version 1.40.00 i...

CVSS 6.8 | AI score 7.1 | EPSS 0.0034
Exploits: 1

ICS
added 2024/06/20 6:0 a.m. | 36 views

Westermo L210-F2G

1. EXECUTIVE SUMMARY: CVSS v4 8.7. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Westermo. Equipment: L210-F2G Lynx. Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Control of Interaction Frequency. 2. RISK EVALUATION: Successful exploitation of...

CVSS 8.7 | AI score 7.4 | EPSS 0.00478
Exploits: 0 | References: 10

Hacker One
added 2024/06/17 10:11 p.m. | 40 views

U.S. Dept Of Defense: █████████ (Android): Vulnerable to Javascript Injection and Open redirect

A vulnerability was discovered in the WebView components of two apps, ████ and ██████████, which allowed an attacker to execute JavaScript and open any URL through a link or a malicious app. The root cause of this issue was that certain activities were exported and set as browsable, exposing them...

AI score 7.2
Exploits: 0

Github Security Blog
added 2024/06/17 9:37 p.m. | 93 views

urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects

When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...

CVSS 6.5 | AI score 5.6 | EPSS 0.01141
Exploits: 1 | References: 8 | Affected Software: 1

NVD
added 2024/06/17 8:15 p.m. | 31 views

CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

CVSS 6.5 | EPSS 0.01141
Exploits: 1 | References: 5

Packet Storm
added 2024/06/17 12:0 a.m. | 560 views

Payroll Management System 1.0 Remote Code Execution

Exploit Title: Payroll Management System v1.0 RCE Unauthenticated Google Dork: intitle:"Employee's Payroll Management System" Date: 16/06/2024 Exploit Author: ShellUnease Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

AI score 7.4 | EPSS 0.01923
Exploits: 4

OSV
added 2024/06/15 12:0 a.m. | 11 views

OPENSUSE-SU-2024:10239-1 perl-LWP-Protocol-https-6.06-1.4 on GA media

These are all security issues fixed in the perl-LWP-Protocol-https-6.06-1.4 package on the GA media of openSUSE Tumbleweed...

CVSS 5.9 | AI score 5.7 | EPSS 0.01602
Exploits: 1 | References: 1

Tenable Nessus
added 2024/06/12 12:0 a.m. | 36 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : unbound (SUSE-SU-2024:1991-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1991-1 advisory. unbound was updated to 1.20.0: A lot of bugfixes and added features. For a complete list take a...

CVSS 7.5 | AI score 6.9 | EPSS 0.99995
Exploits: 1 | References: 16