
441 matches found

Positive Technologies
added 2023/12/21 12:0 a.m. · 2 views

PT-2023-7999 · Eset · Eset Security For Microsoft Sharepoint Server +12

Name of the Vulnerable Software and Affected Versions: ESET NOD32: affected versions not specified; ESET Internet Security: affected versions not specified; ESET Smart Security Premium: affected versions not specified; ESET Security Ultimate: affected versions not...

CVSS 8.6 · AI score 8.5 · EPSS 0.00102
Exploits 0 · References 19

BDU FSTEC
added 2023/12/06 12:0 a.m. · 1 view

The vulnerability of the FortiDDoS-F software and the FortiADC web management tool lies in the use of an unauthorized intermediate policy file, allowing attackers to access confidential information.

The vulnerability of the FortiDDoS-F software and the FortiADC web management tool lies in the use of an unauthorized intermediate policy file. Exploiting this vulnerability can allow attackers to access confidential information...

CVSS 9.1 · AI score 7.7 · EPSS 0.00199
Exploits 0 · References 3 · Affected Software 2

Positive Technologies
added 2023/11/28 12:0 a.m. · 3 views

PT-2023-8242 · Siemens · Simatic Cn 4100

Name of the Vulnerable Software and Affected Versions: SIMATIC CN 4100 versions prior to V2.7. Description: A vulnerability has been identified in the intermediate installation process of the SIMATIC CN 4100 communication gateway, which is related to the use of default credentials with admin...

CVSS 9.8 · AI score 9.6 · EPSS 0.00198
Exploits 0 · References 8

Positive Technologies
added 2023/11/24 12:0 a.m. · 3 views

PT-2023-8243 · Siemens · Simatic Cn 4100

Name of the Vulnerable Software and Affected Versions: SIMATIC CN 4100 versions prior to V2.7. Description: A vulnerability has been identified that allows an attacker to add their own login credentials to the device during the "intermediate installation" system state. This enables the attacker to...

CVSS 9.8 · AI score 9.5 · EPSS 0.00311
Exploits 0 · References 6

Positive Technologies
added 2023/11/21 12:0 a.m. · 3 views

PT-2023-9699 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 27.1.9; Nextcloud Server versions prior to 28.0.5; Nextcloud Server versions prior to 29.0.0; Nextcloud Enterprise Server versions prior to 21.0.9.18; Nextcloud Enterprise Server versions prior to 22.2.10.23...

CVSS 5.7 · AI score 7.2 · EPSS 0.01491
Exploits 0 · References 11

CNNVD
added 2023/09/12 12:0 a.m. · 1 view

Siemens QMS Automotive security vulnerability

Siemens QMS Automotive is a quality management system for the automotive industry from Siemens, Germany. A security vulnerability exists in Siemens QMS Automotive version V12.39, which stems from a lack of security controls in the affected application to prevent unencrypted communication without...

CVSS 7.4 · AI score 6.9 · EPSS 0.00228
Exploits 0 · References 3

RedHat Linux
added 2023/05/16 8:59 a.m. · 5 views

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers as indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the invalid header...

CVSS 6.5 · AI score 6.6 · EPSS 0.00059
Exploits 1 · References 6

RedHat Linux
added 2023/05/16 8:49 a.m. · 2 views

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers as indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the invalid header...

CVSS 6.5 · AI score 6.6 · EPSS 0.00059
Exploits 1 · References 6

RedHat Linux
added 2023/05/09 10:3 a.m. · 1 view

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers as indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the invalid header...

CVSS 6.5 · AI score 6.6 · EPSS 0.00059
Exploits 1 · References 6

RedHat Linux
added 2023/03/15 7:58 p.m. · 0 views

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers as indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the invalid header...

CVSS 6.5 · AI score 6.6 · EPSS 0.00059
Exploits 1 · References 6

Tenable Nessus
added 2023/03/10 12:0 a.m. · 48 views

Fedora 38 : perl-HTTP-Daemon (2023-748e811334)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-748e811334 advisory. 6.16 2023-02-24 03:07:14Z - Bump LWP::UserAgent to 6.37 in TestSuggests GH65 Olaf Alders ---- 6.15 2023-02-22 22:02:46Z - Fix CVE-2022-31081: Inconsistent...

CVSS 7.3 · AI score 6.4 · EPSS 0.00531
Exploits 1 · References 2

F5 Networks
added 2023/02/21 7:52 p.m. · 45 views

K15623: GnuTLS vulnerability CVE-2009-5138

Security Advisory Description: GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new...

CVSS 5.8 · AI score 6.8 · EPSS 0.00847
Exploits 1 · Affected Software 1

F5 Networks
added 2023/02/21 6:52 p.m. · 18 views

K14903688: BIG-IP SSL Profile OCSP Authentication security exposure

Security Advisory Description: The BIG-IP system does not properly verify the revocation of intermediate CA certificates when querying Online Certificate Status Protocol (OCSP) servers and may allow unauthorized connections. This issue occurs when all of the following conditions are met: You have a...

AI score 6.5
Exploits 0

SUSE CVE
added 2023/02/15 6:21 a.m. · 3 views

SUSE CVE-2003-0432

Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors...

CVSS 10 · AI score 6.9 · EPSS 0.00553
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:17 a.m. · 2 views

SUSE CVE-2005-3241

Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors in the (1) ISAKMP, (2) FC-FCS, (3) RSVP, and (4) ISIS LSP dissector...

CVSS 5 · AI score 7 · EPSS 0.03891
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:2 a.m. · 3 views

SUSE CVE-2009-3046

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate...

CVSS 7.5 · AI score 6.9 · EPSS 0.00143
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:1 a.m. · 1 view

SUSE CVE-2009-5138

GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different...

CVSS 5.8 · AI score 7.1 · EPSS 0.00847
Exploits 1 · References 8

SUSE CVE
added 2023/02/15 5:30 a.m. · 3 views

SUSE CVE-2014-1959

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates...

CVSS 5.8 · AI score 7 · EPSS 0.0023
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 5:17 a.m. · 2 views

SUSE CVE-2015-4680

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates...

CVSS 7.5 · AI score 7 · EPSS 0.0038
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 4:24 a.m. · 3 views

SUSE CVE-2018-16588

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 durin...

CVSS 6.6 · AI score 7 · EPSS 0.00044
Exploits 0 · References 5