GHSA-6CF6-8HVR-R68W dectalk-tts Uses Unencrypted HTTP Request

Impact In [email protected], network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle MITM attack. Theft Because dectalk-tts is ...

dectalk-tts Uses Unencrypted HTTP Request

Impact In [email protected], network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle MITM attack. Theft Because dectalk-tts is ...

Oracle Linux 8 : curl (ELSA-2024-1601)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1601 advisory. - unify the upload/method handling CVE-2023-28322 - fix cookie injection with none file CVE-2023-38546 Tenable has extracted the preceding description...

CVE-2024-1522

CVE-2024-1522 affects the parisneo/lollms-webui project. The vulnerability is a CSRF in the /execute_code endpoint that fails to validate requests, allowing an attacker to craft a malicious page that submits commands to the victim's local lollms-webui instance and execute arbitrary OS commands. T...

Curl 8.5.0 < 8.7.0 TLS Certificate Check Bypass (CVE-2024-2466)

The version of Curl installed on the remote host is between 8.5.0 and prior to 8.7.0. It is, therefore, affected by a certificate check bypass vulnerability. libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcu...

Security Bulletin: This Power System update is being released to address CVE-2022-4304

Summary The OpenSSL RSA Decryption timing-based side channel attack affects BMC's HTTPS and SSH connections. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...

Security Bulletin: This Power System update is being released to address CVE-2022-4450

Summary This affects the BMC administrator function to upload HTTPS certificates. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEMreadbioex function. ...

USN-6718-2: curl vulnerability

USN-6718-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote...

USN-6718-1: curl vulnerabilities

Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. CVE-2024-2004 It was discovered that curl incorrectly handled memory when limiti...

CVE-2024-2466

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate...

CURL-CVE-2024-2466 TLS certificate check bypass with mbedTLS

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate...

CVE-2024-2466 TLS certificate check bypass with mbedTLS

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate...

CVE-2024-2466 TLS certificate check bypass with mbedTLS

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate...

CVE-2024-2466

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate...

brasseler.marcant.net Cross Site Scripting vulnerability OBB-3876483

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Important: squid

Issue Overview: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no know...

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike. "The malicio...

CVE-2024-28849

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...

CVE-2024-28849 Proxy-Authorization header kept across hosts in follow-redirects

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...

CVE-2024-28849

Summary: CVE-2024-28849 affects the follow-redirects library (Node.js) used as a drop-in replacement for Node's http/https. The issue is that on cross-domain redirects, the authorization header is cleared but the proxy-authentication header, which may contain credentials, is not cleared, risking ...