142 matches found

RedhatCVE
added 2025/05/23 5:8 a.m. | 3 views

CVE-2023-50327

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109...

5.3 CVSS | 6.5 AI score | 0.00492 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2025/05/14 12:0 a.m. | 6 views

Alibaba Cloud Linux 3 : 0268: perl-App-cpanminus:1.7044 (ALINUX3-SA-2024:0268)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2024:0268 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-45321: The App::cpanminus package through...

9.8 CVSS | 7.9 AI score | 0.00731 EPSS
Exploits 1 | References 2
IBM Security Bulletins
added 2025/04/15 2:21 a.m. | 55 views

Security Bulletin: Multiple vulnerabilities affect PowerSC and PowerSC MFA

Summary There are multiple vulnerabilities in PowerSC and PowerSC MFA. Vulnerability Details CVEID:CVE-2023-50939 DESCRIPTION: IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:...

9.8 CVSS | 7 AI score | 0.00663 EPSS
Exploits 0 | Affected Software 1
CNNVD
added 2025/03/20 12:0 a.m. | 2 views

phpIPAM security vulnerability

phpIPAM is an open source IP address management (IPAM) application based on PHP and MySQL. A security vulnerability exists in phpIPAM versions 1.5.0 through 1.6.0 that stems from the application including HTTP request data in an insecure manner in the response when it is...

6.1 CVSS | 4.4 AI score | 0.00318 EPSS
Exploits 1 | References 3
OSV
added 2025/03/17 8:16 p.m. | 7 views

RLSA-2024:10218 Moderate: perl-App-cpanminus security update

Why? It's dependency free, requires zero configuration, and stands alone but it's maintainable and extensible with plug-ins and friendly to shell scripting. When running, it requires only 10 MB of RAM. Security Fixes: perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution...

9.8 CVSS | 6.8 AI score | 0.00731 EPSS
Exploits 1 | References 2
RedhatCVE
added 2025/03/14 12:50 p.m. | 12 views

CVE-2024-13872

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...

9.4 CVSS | 8.2 AI score | 0.00227 EPSS
Exploits 0 | References 3
Cvelist
added 2025/03/12 11:47 a.m. | 15 views

CVE-2024-13872 Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...

9.4 CVSS | 0.00227 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/03/12 12:0 a.m. | 2 views

PT-2025-11033 · Bitdefender · Bitdefender Box

Name of the Vulnerable Software and Affected Versions: Bitdefender Box versions 1.3.11.490 through 1.3.11.505 Description: The issue concerns the use of the insecure HTTP protocol to download assets over the Internet for updating and restarting daemons and detection rules on devices. Updates can ...

9.4 CVSS | 9.6 AI score | 0.00227 EPSS
Exploits 0 | References 14
Tenable Nessus
added 2025/03/06 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2024-9681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise...

6.5 CVSS | 6.5 AI score | 0.0197 EPSS
Exploits 1 | References 3
Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2024-45321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. CVE-2024-45321 Note that...

9.8 CVSS | 7.4 AI score | 0.00731 EPSS
Exploits 1 | References 4
Tenable Nessus
added 2025/02/10 12:0 a.m. | 4 views

EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1170)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than...

6.5 CVSS | 6.7 AI score | 0.0197 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/02/10 12:0 a.m. | 10 views

Azure Linux 3.0 Security Update: cmake / curl / mysql / rust (CVE-2024-9681)

The version of cmake / curl / mysql / rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9681 advisory. - When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent...

6.5 CVSS | 6.6 AI score | 0.0197 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/01/21 12:0 a.m. | 12 views

EulerOS 2.0 SP8 : perl-App-cpanminus (EulerOS-SA-2025-1127)

According to the versions of the perl-App-cpanminus package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network...

9.8 CVSS | 7.9 AI score | 0.00731 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/01/09 12:0 a.m. | 23 views

Amazon Linux 2 : curl (ALAS-2025-2724)

The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2724 advisory. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or...

6.5 CVSS | 6.7 AI score | 0.0197 EPSS
Exploits 1 | References 4
Tenable Nessus
added 2024/11/27 12:0 a.m. | 11 views

RHEL 9 : perl-App-cpanminus (RHSA-2024:10218)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:10218 advisory. Why? It's dependency free, requires zero configuration, and stands alone but it's maintainable and extensible with plug-ins and friendly to shell...

9.8 CVSS | 7.4 AI score | 0.00731 EPSS
Exploits 1 | References 5
RedHat Linux
added 2024/11/25 12:3 p.m. | 11 views

Moderate: Red Hat Security Advisory: perl-App-cpanminus:1.7044 security update

An update for the perl-App-cpanminus:1.7044 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

9.8 CVSS | 7.4 AI score | 0.00731 EPSS
Exploits 1 | References 2
Ubuntu
added 2024/11/18 3:10 p.m. | 246 views

USN-7104-1: curl vulnerability

It was discovered that curl could overwrite the HSTS expiry of the parent domain with the subdomain's HSTS entry. This could lead to curl switching back to insecure HTTP earlier than otherwise intended, resulting in information exposure...

6.5 CVSS | 6.7 AI score | 0.0197 EPSS
Exploits 1
Amazon
added 2024/11/15 12:0 a.m. | 8 views

Important: perl-App-cpanminus

Issue Overview: The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. CVE-2024-45321 Affected Packages: perl-App-cpanminus Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section...

9.8 CVSS | 8.4 AI score | 0.00731 EPSS
Exploits 1
OSV
added 2024/11/06 8:15 a.m. | 3 views

AZL-52347 CVE-2024-9681 affecting package curl for versions less than 8.8.0-4

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

6.5 CVSS | 6.7 AI score | 0.0197 EPSS
Exploits 1 | References 1
OSV
added 2024/10/27 2:37 a.m. | 8 views

MGASA-2024-0339 Updated cpanminus packages fix security vulnerability

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. CVE-2024-45321...

9.8 CVSS | 8.3 AI score | 0.00731 EPSS
Exploits 1 | References 3