CVE-2021-34599
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the serv...
Input validation
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the serv...
CVE-2021-34599 Improper Certificate Validation in CODESYS Git
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the serv...
HSTS Missing From HTTPS Server (RFC 6797) for DDC servers
Security team running Nessus scans are reporting they are being notified of a finding on their controllers - HSTS Missing From HTTPS Server - Nessus Plugin ID 84502 which is a medium finding...
pcmedia.org Cross Site Scripting vulnerability OBB-2274271
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
httpd:2.4 security, bug fix, and enhancement update
httpd 2.4.37-41.0.1 - Add checks on the configured UDS path Orabug: 33412270 CVE-2021-40438 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-41 - Resolves: 1680111 - httpd sends reply to HTTPS GET using two TLS records -...
CentOS 8 : spamassassin (CESA-2021:4315)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:4315 advisory. - spamassassin: Malicious rule configuration files can be configured to run system commands CVE-2020-1946 Note that Nessus has not tested for this issue but has...
Mozilla Firefox Security Advisory (MFSA2013-27) - Linux
This host is missing a security update for Mozilla Firefox.
Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services
Summary A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services. Vulnerability Details CVEID: CVE-2021-22939 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. If the https API was used...
Ddosify - High-performance Load Testing Tool
Features Protocol Agnostic - Currently supporting HTTP, HTTPS, HTTP/2. Other protocols are on the way. Scenario-Based - Create your flow in a JSON file. Without a line of code! Different Load Types - Test your system's limits across different load types. Installation ddosify is available via...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in getgrav/grav
✍️ Description The secure flag is not set for session cookies in the application. 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an...
[SECURITY] Fedora 35 Update: curl-7.79.1-1.fc35
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Cisco Firepower Management Center Software Authenticated Directory Traversal (cisco-sa-fmc-dir-traversal-95UyW5tk)
The version of Cisco Firepower Management Center installed on the remote host is affected by a directory traversal vulnerability as referenced in the cisco-sa-fmc-dir-traversal-95UyW5tk advisory. An authenticated, remote attacker can exploit this, by sending a crafted HTTPS request that contains...
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI...
SAP NetWeaver Remote Code Execution Vulnerability
SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request...
Cisco Firepower Threat Defense Software Web Services Multiple DoS (cisco-sa-asafdt-webvpn-dos-KSqJAKPA)
According to its self-reported version, Cisco FTD Software is affected by multiple vulnerabilities. - Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote...
Cisco Adaptive Security Appliance Software Web Services Multiple DoS (cisco-sa-asafdt-webvpn-dos-KSqJAKPA)
According to its self-reported version, Cisco ASA Software is affected by multiple vulnerabilities. - Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote...
CVE-2021-34762
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to...
Directory traversal
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to...