CVE-2022-36174
FreshService Windows Agent 2.11.0, FreshService macOS Agent 4.2.0 and FreshService Linux Agent 3.3.0 are vulnerable to broken integrity checking via the FreshAgent client and scheduled update service...
CVE-2022-36174
CVE-2022-36174 affects FreshService agents: Windows < 2.11.0, macOS < 4.2.0, Linux
[SECURITY] Fedora 36 Update: golang-github-theupdateframework-notary-0.7.0-7.fc36
The Notary project comprises a server and a client for running and interacting with trusted collections. See the service architecture documentation for more information. Notary aims to make the internet more secure by making it easy for people to publish and verify content. We often rely on TLS t...
GHSA-QC9X-GJCV-465W Pipenv's requirements.txt parsing allows malicious index url in comments
Issue Summary Due to a flaw in pipenv's parsing of requirements files, an attacker can insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file e.g. with "pipenv install -r requirements.txt...
VideoOffice Arbitrary File Download and Execution Vulnerability
VideoOffice is Internet video conferencing. VideoOffice suffers from an arbitrary file download and execution vulnerability that stems from a lack of support for integrity checking. No detailed vulnerability details are available at this time...
Fortinet FortiOS Arbitrary File Download
Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files...
Reliance on Cookies without Validation and Integrity Checking in getgrav/grav
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. A cookie with an overly broad path can be accessed through other applications on the same domain. Since cookies often carry sensitive information such as session identifiers, sharing cookies across applications c...
CVE-2021-3818
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking...
CVE-2021-3818
CVE-2021-3818: Grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. The connected sources confirm the issue stems from Grav’s handling of cookies without proper validation and integrity checks, with a documented risk example noting that a cookie with an overly bro...
ROS-2-630
2.630 Multiple Vulnerabilities in Moodle 1. Vulnerability description: The vulnerability discovered allows a remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability allows a remote user to gain unauthorized access to other restricted features. Vulnerability allows a remote...
ROS-2-826
2.826 Multiple vulnerabilities in Mozilla Thunderbird CVE-2021-29957, CVE-2021-29956 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass the security restrictions imposed. FSTEC Russia Information Security Threat Data Bank Identifier: BDU:2021-02725, BDU:2021-02726...
ROS-2-811
2.811 Multiple vulnerabilities in Apache Tomcat CVE-2021-25122, CVE-2021-25329 1. Vulnerability Description: CVE-2021-25122 CVE-2021-25322 CVE-2021-25329 The vulnerability allows a remote attacker to gain access to sensitive information. The vulnerability exists due to mismanagement of internal...
Nexus Control Panel Code Issue Vulnerability
Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare. A code download without integrity check vulnerability exists in Nexus Control Panel versions prior to 7.2.5.7. The vulnerability stems from no file validation during the upload of an update. No details of the...
Secomea GateManager File Upload Vulnerability
Secomea GateManager is a remote access server product from Secomea, Denmark. A file upload vulnerability exists in versions prior to Secomea GateManager 9.4.621054022, which stems from a code upload vulnerability without integrity checking that can be exploited by an attacker to execute malicious...
Secomea GateManager Code Issue Vulnerability
Secomea GateManager is a remote access server product from Secomea, Denmark. A file upload vulnerability exists in versions prior to Secomea GateManager 9.4.621054022, which stems from a code upload vulnerability without integrity checking that can be exploited by an attacker to execute malicious...
Capsoft Reportexpress ProPlus Remote Code Execution Vulnerability
Capsoft Reportexpress ProPlus is a Web reporting solution from Capsoft Korea that supports trying to search for information and storing multiple types of documents. A security vulnerability exists in Capsoft Reportexpress ProPlus prior to version 3.0.0.62, which stems from a lack of integrity...
Spoofing Attack
kernel is vulnerable to spoofing attacks. A flaw in the CIFS handling of the mount option sec= that didn't enable integrity checking and didn't produce any error message...
Critical RCE Bug Affects Millions of OpenWrt-based Network Devices
A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as...
Linux: Install AIDE
Advanced Intrusion Detection Environment (aide) is an intrusion detection system for checking the integrity of files.
Input validation
There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions...