Siemens SINEC NMS < V1.0 SP2 Update 1 Multiple Vulnerabilities
The version of Siemens SINEC NMS installed on the remote host is prior to 1.0.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA-892048 advisory. - When doing HTTPS transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to...
RHEL 9 : Red Hat Single Sign-On 7.6.3 security update on RHEL 9 (Moderate) (RHSA-2023:2707)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2707 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
Denial Of Services (DoS)
openjdk is vulnerable to Denial Of Services (DoS). An attacker can cause a hang or frequently repeatable crash through malicious HTTPS requests...
RockMongo 1.1.7 - Stored Cross-Site Scripting Vulnerability
Exploit Title: RockMongo 1.1.7 - Stored Cross-Site Scripting XSS Discovery by: Rafael Pedrero Vendor Homepage: https://github.com/iwind/rockmongo/ Software Link : https://github.com/iwind/rockmongo/ Tested Version: 1.1.7 Tested on: Windows 7 and 10 Vulnerability Type: Stored Cross-Site Scripting...
undertow: Server identity in https connection is not checked by the undertow client
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step that should at least be performed by default in HTTPS and in http/2...
Google Android Input Validation Error Vulnerability (CNVD-2023-43881)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an input validation error vulnerability that originates in the PowerVRSRVBridgePhysmemImportSparseDmaBuf component of the PowerVR kernel driver component where the lack of size checking means tha...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1715)
The remote host is missing an update for the Huawei EulerOS...
Important: tomcat
Issue Overview: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. CVE-2017-12616 When using the RemoteIpFilter with...
CVE-2022-43551 - HSTS check could be bypassed to trick it to keep using HTTP.
A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...
Google Chrome Input Validation Error Vulnerability
Google Chrome is a web browser from Google, an American company. An input validation error vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from insufficient DevTools data validation. A remote attacker can exploit this vulnerability by sending a malicious HTTP...
economia.com.mx Cross Site Scripting vulnerability OBB-3283516
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-31484
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...
AZL-37126 CVE-2023-31484 affecting package perl for versions less than 5.34.1-489
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...
Design/Logic Flaw
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...
CVE-2023-31484
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...
CVE-2023-31484
CVE-2023-31484 affects CPAN.pm (and CPAN::HTTP::Client) prior to version 2.35, where TLS certificates were not verified when downloading distributions over HTTPS, enabling potential MITM. Public advisories across Debian, AlmaLinux, Amazon Linux, and Cloud Foundry confirm this issue and its fix: C...
Offchain resolver can be subject to man in the middle attacks
Lines of code Vulnerability details Description Calls to the offchain resolver are produced by the code below: function resolve bytes calldata name, bytes calldata data external view returns bytes memory string memory urls = new string; urls0 = gatewayURL; revert OffchainLookup addressthis, urls,...
CVE-2023-31484
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...
CVE-2023-31484
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...
CVE-2023-31484
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...