CVE-2023-42261
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...
The vulnerability of the unified management system of the Fujitsu Software Infrastructure Manager, related to unencrypted storage of user credentials, allows a perpetrator to escalate their privileges.
The vulnerability of the unified management system of the Fujitsu Software Infrastructure Manager lies in the unencrypted storage of account data. Exploiting this vulnerability could allow a malicious actor to escalate their privileges by gaining access to the account data stored on the proxy...
The vulnerability of the proxy server of the Windows operating system’s data streaming service allows attackers to escalate their privileges.
The vulnerability of the proxy server of the Windows operating system for data streaming services is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to escalate their privileges...
PT-2023-6500 · Sap · Sap Powerdesigner
Name of the Vulnerable Software and Affected Versions: SAP PowerDesigner version 16.7. Description: The issue is related to improper access control in SAP PowerDesigner, which could allow an unauthenticated attacker to run arbitrary queries against the back-end database via a proxy. This could...
CVE-2023-39379
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software...
Information disclosure
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software...
CVE-2023-39379
The CVE-2023-39379 entry concerns Fujitsu Software Infrastructure Manager (ISM) where the ismsnap maintenance data stores the proxy server password in cleartext. Affected products/versions are ISM Advanced Edition V2.8.0.060 (including PRIMEFLEX variant) and Essential Edition V2.8.0.060. The issu...
JVN#38847224: Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext
Fujitsu Software Infrastructure Manager (ISM) V2.8.0.060, provided by Fujitsu Limited, stores the password for the proxy server in cleartext form to the product's maintenance data (ismsnap) (CWE-312) under the following conditions. Using a proxy server that requires authentication in the connection fro...
PT-2023-5240 · Fujitsu · Fujitsu Software Infrastructure Manager Essential Edition +2
Name of the Vulnerable Software and Affected Versions: Fujitsu Software Infrastructure Manager Advanced Edition version 2.8.0.060; Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX version 2.8.0.060; Fujitsu Software Infrastructure Manager Essential Edition version 2.8.0.060...
The vulnerability of the Envoy proxy server, related to a use-after-free error, allows an attacker to perform a DoS attack.
The vulnerability of the Envoy proxy server is related to a use-after-free error. Exploiting this vulnerability allows a remote attacker to carry out a DoS attack...
[SECURITY] Fedora 37 Update: trafficserver-9.2.1-1.fc37
Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...
Debian: Security Advisory (DSA-5435-1)
The remote host is missing an update for the Debian...
Security Bulletin: Vulnerability in Apache HTTP Server ( CVE-2023-25690 ) affects Power HMC
Summary: Apache HTTP Server is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-25690. DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when mod_proxy is enabled along with...
The vulnerability of the HTTP proxy server of the Grafana data visualization web tool allows attackers to perform cross-site scripting attacks.
The vulnerability of the HTTP proxy server of the Grafana data visualization tool is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created malicious HTML page...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1847)
The remote host is missing an update for the Huawei EulerOS...
Debian dla-3401 : apache2 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3401 advisory. Debian LTS Advisory DLA-3401-1...
CVE-2023-25690
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
SUSE CVE-2009-2057
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL...
SUSE CVE-2016-6624
An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the...