
7690 matches found

OSV
added 2021/12/01 9:15 a.m. | 4 views

CVE-2021-34599

Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the serv...

7.4 CVSS | 5.8 AI score | 0.00459 EPSS
Exploits: 0 | References: 1

Prion
added 2021/12/01 9:15 a.m. | 16 views

Input validation

Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the serv...

5.8 CVSS | 7.3 AI score | 0.00459 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/12/01 9:0 a.m. | 21 views

CVE-2021-34599 Improper Certificate Validation in CODESYS Git

Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the serv...

7.4 CVSS | 7.5 AI score | 0.00459 EPSS
Exploits: 0 | References: 1

Citrix
added 2021/11/24 12:0 a.m. | 9 views

HSTS Missing From HTTPS Server (RFC 6797) for DDC servers

Security team running Nessus scans are reporting they are being notified of a finding on their controllers - HSTS Missing From HTTPS Server - Nessus Plugin ID 84502 which is a medium finding...

7.1 AI score
Exploits: 0

Openbugbounty
added 2021/11/16 10:43 a.m. | 9 views

pcmedia.org Cross Site Scripting vulnerability OBB-2274271

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0

Oracle linux
added 2021/11/16 12:0 a.m. | 76 views

httpd:2.4 security, bug fix, and enhancement update

httpd 2.4.37-41.0.1 - Add checks on the configured UDS path Orabug: 33412270 CVE-2021-40438 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracles index page oracleindex.html 2.4.37-41 - Resolves: 1680111 - httpd sends reply to HTTPS GET using two TLS records -...

9 CVSS | 7.8 AI score | 0.99999 EPSS
Exploits: 7

Tenable Nessus
added 2021/11/11 12:0 a.m. | 39 views

CentOS 8 : spamassassin (CESA-2021:4315)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:4315 advisory. - spamassassin: Malicious rule configuration files can be configured to run system commands CVE-2020-1946 Note that Nessus has not tested for this issue but has...

10 CVSS | 7.4 AI score | 0.06132 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2021/11/11 12:0 a.m. | 19 views

Mozilla Firefox Security Advisory (MFSA2013-27) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

4 CVSS | 6.5 AI score | 0.013 EPSS
Exploits: 0 | References: 3

IBM Security Bulletins
added 2021/11/09 5:59 p.m. | 34 views

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services

Summary A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services. Vulnerability Details CVEID: CVE-2021-22939 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. If the https API was used...

5.3 CVSS | 1.5 AI score | 0.1473 EPSS
Exploits: 1 | Affected Software: 1

Kitploit
added 2021/11/09 11:30 a.m. | 27 views

Ddosify - High-performance Load Testing Tool

Features Protocol Agnostic - Currently supporting HTTP, HTTPS, HTTP/2. Other protocols are on the way. Scenario-Based - Create your flow in a JSON file. Without a line of code! Different Load Types - Test your system's limits across different load types. Installation ddosify is available via...

6.9 AI score
Exploits: 0 | References: 7

Huntr
added 2021/11/03 5:51 p.m. | 10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in getgrav/grav

✍️ Description The secure flag is not set for session cookies in the application. 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an...

0.2 AI score | 0.01624 EPSS
Exploits: 0 | References: 1

Fedora
added 2021/11/03 1:12 a.m. | 57 views

[SECURITY] Fedora 35 Update: curl-7.79.1-1.fc35

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

9.1 CVSS | 8.5 AI score | 0.06216 EPSS
Exploits: 3

Tenable Nessus
added 2021/11/03 12:0 a.m. | 22 views

Cisco Firepower Management Center Software Authenticated Directory Traversal (cisco-sa-fmc-dir-traversal-95UyW5tk)

The version of Cisco Firepower Management Center installed on the remote host is affected by a directory traversal vulnerability as referenced in the cisco-sa-fmc-dir-traversal-95UyW5tk advisory. An authenticated, remote attacker can exploit this, by sending a crafted HTTPS request that contains...

8.1 CVSS | 8 AI score | 0.01908 EPSS
Exploits: 0 | References: 4

CISA KEV Catalog
added 2021/11/03 12:0 a.m. | 24 views

Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability

Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI...

10 CVSS | 8.9 AI score | 0.99999 EPSS
In wild | Exploits: 22

CISA KEV Catalog
added 2021/11/03 12:0 a.m. | 22 views

SAP NetWeaver Remote Code Execution Vulnerability

SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request...

10 CVSS | 9.5 AI score | 0.1745 EPSS
In wild | Exploits: 0

Tenable Nessus
added 2021/10/29 12:0 a.m. | 41 views

Cisco Firepower Threat Defense Software Web Services Multiple DoS (cisco-sa-asafdt-webvpn-dos-KSqJAKPA)

According to its self-reported version, Cisco FTD Software is affected by multiple vulnerabilities. - Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote...

8.6 CVSS | 7.3 AI score | 0.01307 EPSS
Exploits: 0 | References: 8

Tenable Nessus
added 2021/10/29 12:0 a.m. | 42 views

Cisco Adaptive Security Appliance Software Web Services Multiple DoS (cisco-sa-asafdt-webvpn-dos-KSqJAKPA)

According to its self-reported version, Cisco ASA Software is affected by multiple vulnerabilities. - Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote...

8.6 CVSS | 7.3 AI score | 0.01307 EPSS
Exploits: 0 | References: 8

NVD
added 2021/10/27 7:15 p.m. | 17 views

CVE-2021-34762

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to...

8.1 CVSS | 0.01908 EPSS
Exploits: 0 | References: 1

OSV
added 2021/10/27 7:15 p.m. | 3 views

CVE-2021-34762

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to...

8.1 CVSS | 5.9 AI score | 0.01908 EPSS
Exploits: 0 | References: 1

Prion
added 2021/10/27 7:15 p.m. | 18 views

Directory traversal

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to...

5.5 CVSS | 7.9 AI score | 0.01908 EPSS
Exploits: 0 | References: 1 | Affected Software: 3