7682 matches found
CVE-2023-40729
CVE-2023-40729 affects Siemens QMS Automotive: all versions prior to V12.39 are vulnerable because the application communicates over unencrypted HTTP rather than HTTPS, allowing a man-in-the-middle attacker to manipulate traffic or steal confidential data. Connected documents confirm the issue in QMS Automotive and specify the root cause as lack of securi...
USN-6237-3: curl vulnerabilities
USN-6237-1 fixed several vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote...
Cisco ASA and FTD Security Vulnerabilities
Cisco Firepower Threat Defense (FTD) is a suite of unified software from Cisco that provides next-generation firewall services. A security vulnerability exists in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software that stems from improper separation of authentication,...
Medium: qt5-qtbase
Issue Overview: Qt-based clients may mishandle the HSTS (Strict-Transport-Security) header, which would prevent the client from switching to a secure HTTPS connection as requested by the server. CVE-2023-32762 Affected Packages: qt5-qtbase Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2023-2707)
The remote host is missing an update for Huawei EulerOS...
tomcat: not including the secure attribute causes information disclosure
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...
Session fixation
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4654
The CVE-2023-4654 issue affects instantsoft/icms2 prior to 2.16.1, where a session cookie set over HTTPS lacks the Secure attribute. Multiple sources (NVD entry, Red Hat advisory) corroborate this description. The root cause is the missing Secure flag on a session cookie, enabling potential c...
CVE-2023-4654 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...
PT-2023-30070 · Unknown · Instantsoft/Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1 Description: The issue concerns a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute. This problem is identified in the GitHub repository instantsoft/icms2. Recommendations: For...
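The Tomcat RemoteIpFilter entry and the instantsoft/icms2 entries above describe the same defect from two sides: a session cookie is issued to a client whose connection is HTTPS, but the Set-Cookie header carries no Secure attribute, so a browser will also send it over plain HTTP. The check below is an added example written for this page; it is not code from Apache Tomcat, icms2 or any advisory listed here. It computes the scheme the original client used (honouring X-Forwarded-Proto only when the request came from a trusted proxy, since an untrusted client could spoof it), flags session cookies that lack Secure on an HTTPS connection, and shows the corrected header. The cookie names to flag and the sample headers are constructed for the example.

```python
from typing import Dict, List, Optional, Tuple, Union

# Assumption for this example: cookie names treated as session cookies.
SESSION_COOKIE_NAMES = {"JSESSIONID", "PHPSESSID", "SESSIONID"}


def effective_scheme(socket_scheme: str, forwarded_proto: Optional[str],
                     trusted_proxy: bool) -> str:
    """Scheme the original client used.

    A backend behind a reverse proxy sees HTTP on the socket even when the
    client spoke HTTPS to the proxy. X-Forwarded-Proto carries the client's
    scheme, but it must only be honoured from a trusted proxy; otherwise any
    client could set it and influence cookie handling.
    """
    if trusted_proxy and forwarded_proto:
        # A chain of proxies may append values; the first is the client side.
        return forwarded_proto.split(",")[0].strip().lower()
    return socket_scheme.lower()


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, Union[str, bool]]]:
    """Split a Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased; flag attributes such as Secure and
    HttpOnly map to True, valued attributes such as Path map to their value.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Union[str, bool]] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def find_insecure_session_cookies(set_cookie_headers: List[str],
                                  socket_scheme: str,
                                  forwarded_proto: Optional[str],
                                  trusted_proxy: bool) -> List[str]:
    """Return names of session cookies issued over HTTPS without Secure.

    This is the condition the Tomcat entry describes: socket scheme HTTP,
    X-Forwarded-Proto: https from the proxy, Set-Cookie without Secure.
    """
    if effective_scheme(socket_scheme, forwarded_proto, trusted_proxy) != "https":
        return []
    missing = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name in SESSION_COOKIE_NAMES and "secure" not in attrs:
            missing.append(name)
    return missing


def add_secure_attribute(set_cookie_header: str) -> str:
    """Return the header with '; Secure' appended if it is not already set."""
    _, _, attrs = parse_set_cookie(set_cookie_header)
    if "secure" in attrs:
        return set_cookie_header
    return set_cookie_header.rstrip("; ") + "; Secure"


if __name__ == "__main__":
    # Constructed sample: proxy talks HTTP to the backend but the client used HTTPS.
    headers = ["JSESSIONID=abc123; Path=/; HttpOnly"]
    bad = find_insecure_session_cookies(headers, "http", "https", trusted_proxy=True)
    print("session cookies missing Secure:", bad)
    for h in headers:
        print("corrected:", add_secure_attribute(h))
```

The same inspection works on captured proxy traffic: feed it the Set-Cookie headers from a response together with the scheme seen on the socket and the X-Forwarded-Proto value the proxy added, and any name it returns is a cookie a browser may later send in the clear.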
Azul Zulu Java Multiple Vulnerabilities (CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399)
The version of Azul Zulu installed on the remote host is prior to 6 6.51 / 7 7.57.0.14 / 8 8.65.0.14 / 11 11.59.16 / 13 13.51.14 / 15 15.43.14 / 17 17.37.14 / 19 19.30.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022-10-18 advisory. Vulnerability in the Oracle...
How to access http://director/Citrix/Monitor/OData/v3 in HTTPS
Accessing http://director/Citrix/Monitor/OData/v3 in HTTPS...
[SECURITY] Fedora 37 Update: caddy-2.6.4-1.fc37
Caddy is the web server with automatic HTTPS...
[SECURITY] Fedora 38 Update: caddy-2.6.4-1.fc38
Caddy is the web server with automatic HTTPS...
Fedora: Security Advisory for caddy (FEDORA-2023-4926525509)
The remote host is missing an update for caddy...
Fedora: Security Advisory for caddy (FEDORA-2023-74e5545901)
The remote host is missing an update for caddy...
Authorization Bypass
perl-lwp-protocol-https is vulnerable to authorization bypass. The vulnerability exists due to a flaw in the way the LWP::Protocol::https module handles certain environment variables. A remote attacker can exploit this vulnerability to disable certificate validation, which could allow them to...
PSF-2023-8 Bypass TLS handshake on closed sockets
Instances of ssl.SSLSocket are vulnerable to a bypass of the TLS handshake and included protections like certificate verification and treating sent unencrypted data as if it were post-handshake TLS encrypted data. The vulnerability is caused when a socket is connected, data is sent by the malicio...