7683 matches found
WordPress Free SSL Certificate Plugin, HTTPS Redirect, Renewal Reminder – Auto-Install Free SSL Plugin < 3.6.0 is vulnerable to Cross Site Scripting (XSS)
Software: Free SSL Certificate Plugin, HTTPS Redirect, Renewal Reminder – Auto-Install Free SSL; Type: Plugin; Vulnerable versions: 3.6.0; Fixed in: 3.6.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer Clai...
EulerOS 2.0 SP10 : perl (EulerOS-SA-2023-2390)
According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484) Note that Tenable Network Security...
CVE-2023-3581 WebSockets accept connections from HTTPS origin
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...
firefox security update
102.13.0-2.0.1 - Updated homepages to use https Orabug: 34648274 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 102.13.0-2 - Update to 102.13.0 build2 102.13.0-1 - Update to 102.13.0 build1...
firefox security update
102.13.0-2.0.1 - Updated homepages to use https Orabug: 34648274 102.13.0-2 - Update to 102.13.0 build2 102.13.0-1 - Update to 102.13.0 build1...
Oracle Linux 8 : firefox (ELSA-2023-4076)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4076 advisory. 102.13.0-2.0.1 - Updated homepages to use https Orabug: 34648274 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the...
CVE-2023-37268
Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled, an attacker may authenticate as another user. Any user account which does not have a second factor enabled could be compromised. This issue has been...
Authentication flaw
Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled, an attacker may authenticate as another user. Any user account which does not have a second factor enabled could be compromised. This issue has been...
Security Bulletin: IBM InfoSphere Information Server is affected but not vulnerable to multiple vulnerabilities in Undertow
Summary Multiple vulnerabilities in Undertow used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-1259 DESCRIPTION: Undertow is vulnerable to a denial of service, caused by a potential security issue in flow control over HTTP/2. By sending a...
CVE-2023-37268
CVE-2023-37268 affects Warpgate, a Linux bastion host providing SSH/HTTPS/MySQL access. The issue allows an attacker to log in as another user when the attacker’s account uses SSO, enabling credential-forgery if the target account has no second factor. The root cause is an authorization flaw tied...
CVE-2023-37268 User login confusion with SSO in warpgate
Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled, an attacker may authenticate as another user. Any user account which does not have a second factor enabled could be compromised. This issue has been...
lacantinedememe.fr Cross Site Scripting vulnerability OBB-3515361
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Mozilla: Use-after-free in WebRTC certificate generation
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS...