
7681 matches found

Vulnrichment
added 2024/05/14 4:19 p.m. | 17 views

CVE-2023-40720

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests...

CVSS 7.1 | AI score 6.7 | EPSS 0.00848
Exploits: 0 | References: 1

CVE
added 2024/05/14 4:19 p.m. | 56 views

CVE-2023-40720

CVE-2023-40720 affects FortiVoice Enterprise (FortiVoiceEntreprise) versions 7.0.0–7.0.1 and before 6.4.8, where an authenticated attacker can bypass authorization via a user-controlled key to read other users’ SIP configurations by crafted HTTP/HTTPS requests. Root cause described as CWE-639 (au...

CVSS 7.1 | AI score 6.6 | EPSS 0.00848
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/05/14 3:05 p.m. | 7 views

CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

CVSS 7.5 | AI score 7.5 | EPSS 0.01078
Exploits: 0 | References: 2

OSV
added 2024/05/14 3:05 p.m. | 6 views

CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

AI score 6.6
Exploits: 0 | References: 2

OSV
added 2024/05/14 3:05 p.m. | 1 views

DEBIAN-CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

CVSS 7.5 | AI score 5.3 | EPSS 0.01078
Exploits: 0 | References: 1

UbuntuCve
added 2024/05/14 3:05 p.m. | 19 views

CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

CVSS 7.5 | AI score 5.9 | EPSS 0.01078
Exploits: 0 | References: 2

Debian CVE
added 2024/05/13 11:49 a.m. | 17 views

CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

CVSS 7.5 | AI score 7.4 | EPSS 0.01078
Exploits: 0

CVE
added 2024/05/13 11:49 a.m. | 65 views

CVE-2024-25581

DNSDIST vulnerability CVE-2024-25581: When DNS over HTTPS is enabled (nghttp2 provider) and queries are routed to a tcp-only or DoT backend, an attacker can trigger an assertion failure by requesting a zone transfer (AXFR/IXFR) over DoH, causing the process to crash and a DoS. DoH is not enabled ...

CVSS 7.5 | AI score 7.3 | EPSS 0.01078
Exploits: 0 | References: 2

AlpineLinux
added 2024/05/13 11:49 a.m. | 19 views

CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

CVSS 7.5 | AI score 7.4 | EPSS 0.01078
Exploits: 0

Veeam
added 2024/05/13 12:00 a.m. | 31 views

"HTTP protocol is not supported, please use HTTPS." Error When Adding Object Storage

Challenge: When attempting to add an S3-compatible Object Storage Repository, the wizard displays the error: "HTTP protocol is not supported, please use HTTPS." If the service point is then modified to change to HTTPS, the wizard then displays the error: Failed to retrieve certificate from...

AI score 7
Exploits: 0 | Affected Software: 1

FreeBSD
added 2024/05/13 12:00 a.m. | 13 views

dnsdist -- Transfer requests received over DoH can lead to a denial of service

PowerDNS Security Advisory reports: When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over...

CVSS 7.5 | AI score 7 | EPSS 0.01078
Exploits: 0 | References: 1

Tenable Nessus
added 2024/05/11 12:00 a.m. | 38 views

RHEL 5 : firefox (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - firefox: Use-after-free in compositor potentially allows code execution CVE-2018-5148 - An integer overfl...

AI score 8.7 | EPSS 0.05542
Exploits: 1 | References: 6

Tenable Nessus
added 2024/05/11 12:00 a.m. | 13 views

RHEL 6 : python-requests (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header CVE-2018-18074 - Reques...

AI score 7.5 | EPSS 0.07443
Exploits: 3 | References: 2

Patchstack
added 2024/05/08 12:00 a.m. | 14 views

WordPress SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress Plugin <= 4.5.3 is vulnerable to Sensitive Data Exposure

Software: SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress; Type: Plugin; Vulnerable versions: <= 4.5.3; Fixed in: 4.6.0; OWASP Top 10: A5: Security Misconfiguration; Classification: Sensitive Data Exposure; CVE: CVE-2024-1076; Patch priority: Low; CVSS severity: Low (5.9); Developer Claim ownership PSID...

AI score 6.6 | EPSS 0.00413
Exploits: 2 | References: 4 | Affected Software: 1

SUSE CVE
added 2024/05/07 2:39 a.m. | 2 views

SUSE CVE-2024-34447

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java 1.78, BC Java LTS 2.73.6 and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname as happens...

CVSS 7.5 | AI score 7.3 | EPSS 0.0077
Exploits: 0 | References: 3

The Hacker News
added 2024/05/06 2:00 p.m. | 21 views

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which...

CVSS 9.8 | AI score 8.4 | EPSS 0.63076
Exploits: 2

NVD
added 2024/05/03 2:15 a.m. | 17 views

CVE-2023-35721

NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required t...

CVSS 8.8 | AI score 8.3 | EPSS 0.00807
Exploits: 0 | References: 2

Cvelist
added 2024/05/03 1:57 a.m. | 16 views

CVE-2023-35721 NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability

NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required t...

CVSS 8.1 | AI score 8.5 | EPSS 0.00807
Exploits: 0 | References: 2

Vulnrichment
added 2024/05/03 1:57 a.m. | 15 views

CVE-2023-35721 NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability

NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required t...

CVSS 8.1 | AI score 7.4 | EPSS 0.00807
Exploits: 0 | References: 2

CVE
added 2024/05/03 1:57 a.m. | 63 views

CVE-2023-35721

CVE-2023-35721 affects NETGEAR routers. The vulnerability stems from improper certificate validation in the update/HTTPS channel, allowing network-adjacent attackers to execute arbitrary code with root privileges by exploiting the update functionality. The issue is exploitation requires no authen...

CVSS 8.8 | AI score 8.3 | EPSS 0.00807
Exploits: 0 | References: 2 | Affected Software: 1