7683 matches found
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-59025)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a resource management error vulnerability that can be exploited by an attacker to trigger a use-after-free when creating a WebRTC connection over HTTPS...
CVE-2023-31190
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which t...
CVE-2023-31190 Missing TLS (HTTPS) certificate validation during firmware update in DroneScout ds230 Remote ID receiver from BlueMark Innovations
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which t...
OESA-2023-1420 perl-CPAN security update
The CPAN module automates or at least simplifies the make and install of perl modules and extensions. It includes some primitive searching capabilities and knows how to use LWP, HTTP::Tiny, Net::FTP and certain external download clients to fetch distributions from the net. The CPAN module also...
SUSE CVE-2023-37201
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...
Security Bulletin: A Vulnerability in python-requests affects IBM InfoSphere Information Server (CVE-2023-32681)
Summary Python-requests is used by IBM InfoSphere Information Server. An information disclosure vulnerability in python-requests was addressed. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the...
CVE-2023-3520
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6...
Session fixation
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6...
CVE-2023-3520
The CVE-2023-3520 entry describes a vulnerability in OpenITCOCKPIT (GitHub repo it-novum/openitcockpit) prior to version 4.6.6 where HTTPS session cookies lack the Secure attribute. This could expose sensitive cookie data in transit. Affected component: session cookies handling in OpenITCOCKPIT; ...
CVE-2023-3520 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in it-novum/openitcockpit
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6...
PT-2023-25193 · Unknown · Openitcockpit
Name of the Vulnerable Software and Affected Versions: openitcockpit versions prior to 4.6.6 Description: The issue concerns a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute. This could potentially allow unauthorized access to sensitive information. Recommendations: For...
CVE-2023-2538
A CWE-552 "Files or Directories Accessible to External Parties" in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform...
Hardcoded credentials
A CWE-552 "Files or Directories Accessible to External Parties" in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform...
CVE-2023-2538 TLS Private Key Accessible to External Parties
A CWE-552 "Files or Directories Accessible to External Parties" in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform...
CVE-2023-37201
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...
DEBIAN-CVE-2023-37201
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...
Race condition
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...