
7687 matches found

CVE
added 2023/02/01 12:0 a.m. · 56 views

CVE-2023-23127

CVE-2023-23127 affects ConnectWise Control version 22.8.10013.8329 where the login page does not implement HSTS, so HTTPS is not enforced. The vendor states this can be controlled by a configuration option to use HTTP during troubleshooting. Documented impact indicates a partial risk to confident...

CVSS 5.3 · AI score 5.2 · EPSS 0.00313
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/02/01 12:0 a.m. · 17 views

CVE-2023-23127

In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP rather than HTTPS during troubleshooting...

AI score 5.5 · EPSS 0.00313
Exploits 0 · References 1
OpenVAS
added 2023/01/27 12:0 a.m. · 34 views

Ubuntu: Security Advisory (USN-4796-1)

The remote host is missing an update for the...

CVSS 8.8 · AI score 6.9 · EPSS 0.41288
Exploits 0 · References 2
Positive Technologies
added 2023/01/26 12:0 a.m. · 7 views

PT-2023-3438 · NetGear · Netgear Routers

Name of the Vulnerable Software and Affected Versions: NETGEAR Multiple Routers (affected versions not specified). Description: This issue allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. The specific flaw...

CVSS 8.8 · AI score 7.1 · EPSS 0.00807
Exploits 0 · References 8
Tenable Nessus
added 2023/01/25 12:0 a.m. · 28 views

Siemens Desigo PXC and DXR Devices Sensitive Cookie in Https Session Without Secure Attribute (CVE-2022-24045)

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The application, after a successful login, sets the session cookie on the browser...

CVSS 6.5 · AI score 6.4 · EPSS 0.00537
Exploits 0 · References 3
Oracle linux
added 2023/01/24 12:0 a.m. · 32 views

firefox security update

102.7.0-1.0.1 - Updated homepages to use https Orabug: 34648274 102.7.0-1 - Update to 102.7.0 build1 102.6.0-2 - Add firefox-x11 subpackage to allow explicit run of firefox under x11 on RHEL9...

CVSS 8.8 · AI score 0.2 · EPSS 0.00892
Exploits 0
Oracle linux
added 2023/01/24 12:0 a.m. · 27 views

firefox security update

102.7.0-1.0.1 - Updated homepages to use https Orabug: 34648274 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 102.7.0-1 - Update to 102.7.0 build1 102.6.0-2 - Add firefox-x11 subpackage to allow explicit run of firefox under x11 on...

CVSS 8.8 · AI score 0.7 · EPSS 0.00892
Exploits 0
Tenable Nessus
added 2023/01/23 12:0 a.m. · 28 views

RHEL 9 : curl (RHSA-2023:0333)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0333 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, a...

CVSS 9.8 · AI score 7.2 · EPSS 0.04325
Exploits 1 · References 5
OSV
added 2023/01/18 12:15 a.m. · 1 views

CVE-2023-21826

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications component: Reporting. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracl...

CVSS 7.6 · AI score 7.2 · EPSS 0.00512
Exploits 0 · References 1
NVD
added 2023/01/18 12:15 a.m. · 15 views

CVE-2023-21826

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications component: Reporting. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracl...

CVSS 7.6 · AI score 7.6 · EPSS 0.00512
Exploits 0 · References 1
Prion
added 2023/01/18 12:15 a.m. · 12 views

Buffer overflow

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications component: Reporting. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracl...

CVSS 6 · AI score 8 · EPSS 0.00512
Exploits 0 · References 1 · Affected Software 1
Prion
added 2023/01/18 12:15 a.m. · 17 views

Buffer overflow

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications component: Reporting. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracl...

CVSS 5.5 · AI score 8.1 · EPSS 0.00539
Exploits 0 · References 1 · Affected Software 1
RedHat Linux
added 2023/01/17 7:29 p.m. · 4 views

python-scciclient: missing server certificate verification

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks...

CVSS 7.4 · AI score 5.7 · EPSS 0.00486
Exploits 0 · References 5
Veracode
added 2023/01/13 10:12 a.m. · 22 views

Information Disclosure

pyloadng is vulnerable to Information Disclosure. The absence of the secure attribute for sensitive cookies in HTTPS sessions allows a remote attacker to gain access to cookies in plaintext over an HTTP session...

CVSS 5.3 · AI score 5.6 · EPSS 0.00436
Exploits 1 · References 4 · Affected Software 1
Tenable Nessus
added 2023/01/13 12:0 a.m. · 22 views

Cisco Firepower Threat Defense Software Privilege Escalation (cisco-sa-ftd-mgmt-privesc-7GqR2th)

A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly...

CVSS 6.5 · AI score 5.7 · EPSS 0.00698
Exploits 0 · References 4
Cvelist
added 2023/01/12 10:31 p.m. · 19 views

CVE-2023-22599

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These...

CVSS 7 · AI score 9.4 · EPSS 0.00321
Exploits 0 · References 1
CVE
added 2023/01/12 10:31 p.m. · 47 views

CVE-2023-22599

InRouter 302 (all versions prior to IR302 V3.5.56) and InRouter 615 (all versions prior to InRouter6XX-S-V2.3.0.r5542) are affected by CWE-760: Use of a One-way Hash with a Predictable Salt. The MQTT credentials are encoded using a hardcoded string in an MD5 hash, which an unauthenticated attacke...

CVSS 9.1 · AI score 9.1 · EPSS 0.00321
Exploits 0 · References 1 · Affected Software 1
NVD
added 2023/01/12 12:15 a.m. · 27 views

CVE-2017-14454

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A...

CVSS 8.5 · AI score 8.8 · EPSS 0.00602
Exploits 1 · References 1
Vulnrichment
added 2023/01/11 11:34 p.m. · 8 views

CVE-2017-14454

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A...

CVSS 8.5 · AI score 7.6 · EPSS 0.00602
Exploits 1 · References 1
Cvelist
added 2023/01/11 11:34 p.m. · 34 views

CVE-2017-14454

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A...

CVSS 8.5 · AI score 8.8 · EPSS 0.00602
Exploits 1 · References 1