37 matches found
Malicious code in bricks-builder-mcp (npm)
Source: amazon-inspector 7ad643457c1104b8f118971a9ee95702f2126a16f33a4ec9dfd8ed21c43fc1eb bricks-builder-mcp is a Model Context Protocol server exposing WordPress/Bricks Builder editing tools page JSON edits, media uploads, custom CSS/JS...
Important: Red Hat Security Advisory: Satellite 6.18.4 Async Update
A new release is now available for Red Hat Satellite 6.18 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
EUVD-2019-15832
Malware in sbrugna...
CVE-2020-29658
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation...
Insecure SSL Certificate Validation
github.com/hashicorp/consul has a missing SSL certificate validation. The vulnerability exists due to the xds not ensuring that the subject Alternative Name of an upstream is validated...
Design/Logic Flaw
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enable...
Insecure Cipher Suites
excon uses insecure SSL cipher suites. The usage of insecure 3DES ciphers enables a remote attacker to carry out man-in-the-middle attacks...
CVE-2019-6266
Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext...
Code injection
Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext...
CVE-2017-3969
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL...
cccneb.edu XSS vulnerability
Vulnerable URL: http://www.cccneb.edu/swfs/player.swf?tracecall=prompt%27openbugbounty%27
Details:

Description| Value
---|---
Patched:| Verification in progress
Latest check for patch:| 15.11.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 372357

VIP website...
zuidaima.com Open Redirect vulnerability
Vulnerable URL: http://www.zuidaima.com/link.htm?url=https://www.openbugbounty.org/
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 28.10.2017
Vulnerability type:| Open Redirect
Vulnerability status:| Publicly disclosed
Alexa Rank| 33200
VIP website status:| Yes

Check...
seloger.com XSS vulnerability
Vulnerable URL: http://www.seloger.com/list.htm?idtt=xany'-alert'OPENBUGBOUNTY'-'/
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 31.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3827
VIP website status:| Yes

Check seloger.com SS...
AlarmMon - Customized SSL, Insecure SSL socket, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application AlarmMon published at the 'play' market has multiple vulnerabilities...
meethope.com.cn XSS vulnerability
Vulnerable URL: http://meethope.com.cn/search/?Keyword=%3E%27%3E%22%3Es%3Ci%3Ei%3Cimg+src%3Dx+onerror%3Dprompt%28%2Fopenbugbounty%2F%29%3E
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 28.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed

Alexa...
KakaoGroup - Customized SSL, Insecure SSL socket, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application KakaoGroup published at the 'play' market has multiple vulnerabilities...
ipla - Customized SSL, Insecure SSL socket, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application ipla published at the 'play' market has multiple vulnerabilities...
diomoncton.ca XSS vulnerability
Vulnerable URL: http://www.diomoncton.ca/fr/resultats-de-recherche?kw=test%22%3E%3E%3Csvg%2Fonload%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3B%3E
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 28.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed

Alexa...
Dolphin Jetpack - Fast & Flash - Customized SSL, Dangerous filesystem permissions, Insecure SSL socket vulnerabilities
HackApp vulnerability scanner discovered that application Dolphin Jetpack - Fast & Flash published at the 'play' market has multiple vulnerabilities...