Missing key verification in gost
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey...
CVE-2024-39223
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey...
UBUNTU-CVE-2024-39223
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey...
CVE-2024-39223
CVE-2024-39223 affects gost v2.11.5, where the SSH service can be compromised via an authentication bypass by configuring the HostKeyCallback to ssh.InsecureIgnoreHostKey. The Red Hat advisory reiterates the vulnerability description and references the same affected version, noting an authenticat...
GO Simple Tunnel Security Vulnerability
GO Simple Tunnel is a secure tunnel implemented in Go by the individual developer ginuerzh. A security vulnerability exists in GO Simple Tunnel version 2.11.5, which stems from an authentication bypass issue in the SSH service that allows an attacker to intercept communication via a...
LibreOffice Improper Certificate Validation Vulnerability (Jul 2024) - Windows
LibreOffice is prone to an improper certificate validation vulnerability.
CVE-2023-41926 Insufficiently protected credentials in Kiloview P1/P2 devices
The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials...
PT-2024-13015 · Kiloview · P1/P2 +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue concerns the use of basic authentication for user login to the configuration interface of a webserver. Since encryption is disabled on port 80, this setup allows potential...
Kiloview P1 4G Video Encoder and P2 4G Video Encoder Security Vulnerabilities
Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both professional video encoder devices from China-based Kiloview. A security vulnerability exists in the Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder, which stems from disabling encryption on port 80, which may...
CVE-2024-5820
An unprotected WebSocket connection in the latest version of stitionai/devika commit ecee79f allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all...
PT-2024-37182 · Devika · Devika
Name of the Vulnerable Software and Affected Versions: stitionai/devika version ecee79f Description: The issue arises from an unprotected WebSocket connection, allowing a malicious website to connect to the backend and issue commands on behalf of the user. This enables the malicious website to...
CVE-2024-25637
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...
CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...
CVE-2024-30119
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...
CVE-2024-30119 HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...
CVE-2024-30119
CVE-2024-30119 affects HCL DRYiCE Optibot Reset Station due to a missing Strict Transport Security (HSTS) header. The underlying issue allows potential interception or manipulation of data during redirection. CVSSv3.1/3.1 metrics indicate a base score of 3.7 (LOW) with Network attack vector, high att...
CVE-2024-5996
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
HCL Technologies DRYiCE Optibot Reset Station Security Vulnerability
HCL Technologies DRYiCE Optibot Reset Station is an application from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE Optibot Reset Station that stems from the lack of a Strict Transport Security header. An attacker exploiting this vulnerability could intercept or...