7691 matches found
CVE-2021-22939
If the Node.js https API was used incorrectly and "undefined" was passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...
Fedora: Security Advisory for curl (FEDORA-2021-5d21b90a30)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
OpenSSL: DoS Vulnerability (CVE-2004-0112) - Windows
OpenSSL is prone to a denial of service (DoS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; yo...
AlanFramework - A Post-Exploitation Framework
Alan Framework is a post-exploitation framework useful during red-team activities. If you find my tool useful, please consider to sponsor me. Sponsored users have access to early releases and non-public content. You can download the binary from:...
CVE-2021-22939
A flaw was found in Node.js. If the Node.js HTTPS API is used incorrectly and "undefined" is passed for the "rejectUnauthorized" parameter, no error is returned, and the connections to servers with an expired certificate are accepted. The highest threat from this vulnerability is to integrity...
IPCop 2.1.9 - Remote Code Execution (Authenticated) Exploit
Exploit Title: IPCop 2.1.9 - Remote Code Execution (RCE) (Authenticated); Exploit Author: Mücahit Saratar; Vendor Homepage: https://www.ipcop.org/; Software Link: https://sourceforge.net/projects/ipcop/files/IPCop/IPCop%202.1.8/ipcop-2.1.8-install-cd.i486.iso -...
CVE-2021-38148
Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs...
[SECURITY] Fedora 33 Update: curl-7.71.1-10.fc33
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2021-29974
When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security which implies that the error should not be override-able. This issue did not...
What is Tor?
Tor (The Onion Router) is free software used to keep your online communications safe and secure from outside observers. It’s designed to block tracking and eavesdropping, resist fingerprinting (where services tie your browser and device information to an identity), and to hide t...
Chrome casts away the padlock—is it good riddance or farewell?
It’s been an interesting journey for security messaging where browsers are concerned. Back in the day, many of the websites you’d visit on a daily basis weren’t secure. By secure, I mean that they didn’t use HTTPS. There was no padlock, which meant that the traffic between you and the website wasn...
USN-5021-1: curl vulnerabilities
Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (CVE-2021-22898, CVE-2021-22925) Har...
CVE-2021-2358
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Rest interfaces for Access Mgr). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Acces...
Design/Logic Flaw
Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core - Server Infrastructure). Supported versions that are affected are 21.5 and Prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Siebel CRM. Successf...
Oracle Enterprise Manager Cloud Control (Jul 2021 CPU)
The 13.4.0.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory. - Vulnerability in the StorageTek Tape Analytics SW Tool product of Oracle Systems (component: Software (dom4j)). The supported...
Security update for nextcloud (important)
openSUSE Security Update: Security update for nextcloud; Announcement ID: openSUSE-SU-2021:1068-1; Rating: important; References: 1181445 1181803 1181804 1188247 1188248 1188249 1188250 1188251 1188252 1188253 1188254 1188255 1188256; Cross-References: CVE-2020-8293 CVE-2020-8294 CVE-2020-8295...
CVE-2021-2368
Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core - Server Infrastructure). Supported versions that are affected are 21.5 and Prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Siebel CRM. Successf...
CVE-2021-2368
CVE-2021-2368 affects Oracle Siebel CRM (Siebel Core - Server Infrastructure). Affected: Siebel CRM version 21.5 and earlier. Description: unauthenticated attacker over HTTPS can access or compromise data; impact is unauthorized access to data. Connected sources also reference additional context ...