CVE-2024-51774
qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors...
DEBIAN-CVE-2024-51774
qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors...
ROS-20241029-07
The vulnerability in the Buildah container image management tool is related to input validation errors in the directory traversal sequences in cache mounts. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system...
Vulnerability of the MySQL Server component: The Telemetry feature of the MySQL Server management system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the MySQL Server component relates to insufficient protection of operational data due to incorrect validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the MySQL network...
The vulnerability of the C++ Botan cryptographic library, related to incorrect certificate verification, allows attackers to influence the integrity of the system.
The vulnerability of the C++ Botan cryptographic library is related to errors in the certificate validation process. Exploiting this vulnerability could allow a malicious actor to influence the integrity of the system remotely...
Apache Roller Input Validation Error Vulnerability
Apache Roller is a Java-based, multi-user open source blogging system from the Apache Foundation in the United States. Apache Roller suffers from a cross-site scripting vulnerability that can be exploited by an attacker to obtain cookie-based authentication credentials...
PT-2024-40211 · Unknown · Form Framework
Name of the Vulnerable Software and Affected Versions: Form Framework (affected versions not specified). Description: A cross-site scripting issue has been found in the Form Framework related to the output of field validation errors. Recommendations: At the moment, there is no information about a...
GHSA-97JM-G33H-F46G silverstripe/framework ReadOnly transformation for formfields exploitable
Form fields returning isReadonly as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeFieldReadonly. Values submitted through these form fields are not filtered out from the form session data...
The vulnerability of the MongoDB database management system is related to errors in the TLS certificate validation process, which allows a perpetrator to establish unauthorized connections to the MongoDB server.
The vulnerability of the MongoDB database management system is related to errors in the TLS certificate validation process. Exploiting this vulnerability allows an attacker to establish unauthorized connections to the MongoDB server remotely...
GHSA-8QPW-XQXJ-H4R2 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Summary: Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger...
The vulnerability in the web interface of the software for managing network infrastructure SINEC INS allows a perpetrator to enhance their privileges.
The vulnerability of the software web interface for managing SINEC INS network infrastructure is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker, operating remotely, to enhance their privileges by intercepting requests sent to the UMC...
The vulnerability of the SSL/TLS protocol scanning function of antivirus software from ESET, including ESET NOD32, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate, ESET Endpoint Antivirus for Windows, ESET Endpoint Security for Windows, ESET Endpoint Antivirus for Linux, ESET Server Security for Windows Server (File Security for Microsoft Windows Server), ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Microsoft SharePoint Server, ESET File Security for Microsoft Azure, and ESET Server Security for Linux, allows attackers to bypass the security measures.
The vulnerability of the scanning function of SSL/TLS-protection in ESET NOD32 antivirus software, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate, ESET Endpoint Antivirus for Windows, ESET Endpoint Security for Windows, ESET Endpoint Antivirus for Linux, ESET Server...
The vulnerability of the TLS implementation of the RTU500 Scripting Interface for programming logic controllers from Hitachi Energy allows attackers to gain unauthorized access to protected information and perform spoofing attacks.
The vulnerability of the TLS implementation in the RTU500 Scripting Interface for programming logic controllers from Hitachi Energy relates to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information a...
Advisory ROSA-SA-2023-2308
Software: libarchive 3.3.3 OS: ROSA Virtualization 2.1 packageevrstring: libarchive-3.3.3.3-5.0.1.rv3.src.rpm CVE-ID: CVE-2018-1000879 BDU-ID: 2020-01816 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the archiveaclfromtextlins function of the libarchive library is related to NULL pointer...
Phoenix SecureCore Input Validation Error Vulnerability
Phoenix SecureCore is a computer-based input/output system from Phoenix Contact Phoenix of Germany. An input validation error vulnerability exists in Phoenix SecureCore Technology 4 that stems from improper input validation and could lead to a denial of service attack or arbitrary code execution...
Project Worlds Online Examination System Input Validation Error Vulnerability
Project Worlds Online Examination System is an online examination system. Project Worlds Online Examination System v1.0 suffers from an input validation error vulnerability that stems from susceptibility to multiple open redirection vulnerabilities that allow an attacker to redirect a victim user...
The vulnerability of the Routing Protocol Daemon (RPD) in Juniper Networks’ Junos OS and Juniper Networks’ Junos OS Evolved operating systems allows an attacker to cause a service failure.
The vulnerability of the Routing Protocol Daemon (RPD) in Juniper Networks’ Junos OS and Juniper Networks’ Junos OS Evolved operating systems is related to syntax validation errors in input verification. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the Microsoft Exchange Server mail server, related to errors in checking command arguments, allows a hacker to execute arbitrary code.
The vulnerability of Microsoft Exchange Server is related to errors during the validation of command-line arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Security component in operating systems such as tvOS, iOS, iPadOS, watchOS, and macOS allows attackers to bypass signature checks.
The vulnerability of the Security component in operating systems such as tvOS, iOS, iPadOS, watchOS, and macOS is related to errors in the certificate validation process. Exploiting this vulnerability can allow attackers to bypass the signature verification...