Tussendoor Internet & Marketing Security Vulnerabilities

vulnrichment

CVE-2024-20869

Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for...

5.5CVSS

6.8AI Score

0.0004EPSS

2024-05-07 04:28 AM
nessus

VMware Horizon Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028)

A remote code execution vulnerability exists in VMware Horizon in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can exploit this, via.....

10CVSS

1.7AI Score

0.976EPSS

2022-01-07 12:00 AM
200
openvas

Fedora: Security Advisory for seamonkey (FEDORA-2021-df093b89ba)

The remote host is missing an update for...

7.5AI Score

2021-04-07 12:00 AM
5
osv

CVE-2024-1561

An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy.....

7.5CVSS

6.2AI Score

0.001EPSS

2024-04-16 12:15 AM
10
osv

CVE-2024-23829

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...

7.5CVSS

6.7AI Score

0.001EPSS

2024-01-29 11:15 PM
12
nessus

VMware vRealize Operations Manager Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028)

A remote code execution vulnerability exists in VMware vRealize Operations Manager in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can....

10CVSS

2.4AI Score

0.976EPSS

2022-01-21 12:00 AM
158
nvd

CVE-2024-1023

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,.....

6.5CVSS

6.6AI Score

0.0004EPSS

2024-03-27 08:15 AM
1
cvelist

CVE-2024-1023 Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,.....

6.5CVSS

6.5AI Score

0.0004EPSS

2024-03-27 07:51 AM
cvelist

CVE-2024-20837

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user...

5.3CVSS

5.5AI Score

0.0004EPSS

2024-03-05 04:44 AM
cve

CVE-2024-1023

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,.....

6.5CVSS

6.3AI Score

0.0004EPSS

2024-03-27 08:15 AM
152
nessus

Apache Druid Log4Shell Direct Check (CVE-2021-44228)

The version of Apache Druid running on the remote web server is affected by a remote code execution vulnerability in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A...

10CVSS

2.5AI Score

0.976EPSS

2022-01-14 12:00 AM
303
nessus

Moxa Device Manager Tool MDM2_Gateway Response Remote Overflow

The remote Windows host has a version earlier than 2.3 of the Moxa Device Manager (MDM) Tool, used for managing embedded industrial control systems across the Internet. Such versions are affected by a buffer overflow vulnerability that can be triggered using a specially crafted MDM2_Gateway...

5.1AI Score

2011-02-21 12:00 AM
13
openvas

Fedora: Security Advisory for seamonkey (FEDORA-2021-2761b54dff)

The remote host is missing an update for...

7.5AI Score

2021-04-08 12:00 AM
2
kitploit

Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife

Reconnaissance is the first phase of penetration testing, which means gathering information before any real attacks are planned. So Ashok is an incredibly fast recon tool for penetration testers which is specially designed for the Reconnaissance phase. And in...

7AI Score

2024-06-26 12:30 PM
5
nessus

KB5018418: Windows 11 Security Update (October 2022)

The remote Windows host is missing security update 5018418. It is, therefore, affected by multiple vulnerabilities: Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability (CVE-2022-38036); Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045) ...

8.8CVSS

7.8AI Score

0.017EPSS

2022-10-11 12:00 AM
147
nessus

KB5018421: Windows Server 2022 Security Update (October 2022)

The remote Windows host is missing security update 5018421. It is, therefore, affected by multiple vulnerabilities: Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability (CVE-2022-38036); Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045) ...

8.8CVSS

7.8AI Score

0.017EPSS

2022-10-11 12:00 AM
322
osv

CVE-2022-39202

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of...

6.3CVSS

6.5AI Score

0.001EPSS

2022-09-13 06:15 PM
5
cvelist

CVE-2024-30397 Junos OS: An invalid certificate causes a Denial of Service in the Internet Key Exchange (IKE) process

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a...

7.5CVSS

7.7AI Score

0.0005EPSS

2024-04-12 03:25 PM
1
vulnrichment

CVE-2024-38520 SoftEther VPN with L2TP - 2.75x Amplification

SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-06-26 06:59 PM
cvelist

CVE-2024-38520 SoftEther VPN with L2TP - 2.75x Amplification

SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...

7.5CVSS

0.0004EPSS

2024-06-26 06:59 PM
7
cve

CVE-2024-25015

IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: ...

7.5CVSS

7.2AI Score

0.0004EPSS

2024-05-01 05:15 PM
33
nvd

CVE-2024-38520

SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...

7.5CVSS

0.0004EPSS

2024-06-26 07:15 PM
5
nessus

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7150929)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7150929 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of ...

7.5CVSS

7AI Score

0.001EPSS

2024-06-27 12:00 AM
1
nessus

Apache Solr Log4Shell Direct Check (CVE-2021-44228)

The version of Apache Solr running on the remote web server is affected by a remote code execution vulnerability in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A...

10CVSS

2.3AI Score

0.976EPSS

2022-01-05 12:00 AM
436
cve

CVE-2024-38520

SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-26 07:15 PM
8
nessus

Cisco IOS XE Software Internet Key Exchange Denial of Service Vulnerability

According to its self-reported version, the Cisco IOS XE Software is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more...

7.5CVSS

7.7AI Score

0.004EPSS

2017-10-06 12:00 AM
51
nvd

CVE-2023-35642

Internet Connection Sharing (ICS) Denial of Service...

6.5CVSS

0.001EPSS

2023-12-12 06:15 PM
1
cve

CVE-2023-35641

Internet Connection Sharing (ICS) Remote Code Execution...

8.8CVSS

9AI Score

0.001EPSS

2023-12-12 06:15 PM
33
vulnrichment

CVE-2024-25015 IBM MQ denial of service

IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: ...

7.5CVSS

6.5AI Score

0.0004EPSS

2024-05-01 04:16 PM
nvd

CVE-2023-38148

Internet Connection Sharing (ICS) Remote Code Execution...

8.8CVSS

8.8AI Score

0.001EPSS

2023-09-12 05:15 PM
1
nvd

CVE-2024-0912

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

6.5AI Score

0.0004EPSS

2024-06-06 12:15 AM
1
cve

CVE-2022-22040

Internet Information Services Dynamic Compression Module Denial of Service...

7.3CVSS

7.6AI Score

0.002EPSS

2022-07-12 11:15 PM
75
4
cve

CVE-2023-38148

Internet Connection Sharing (ICS) Remote Code Execution...

8.8CVSS

9AI Score

0.001EPSS

2023-09-12 05:15 PM
707
nvd

CVE-2023-35641

Internet Connection Sharing (ICS) Remote Code Execution...

8.8CVSS

0.001EPSS

2023-12-12 06:15 PM
1
cve

CVE-2023-35642

Internet Connection Sharing (ICS) Denial of Service...

6.5CVSS

7.5AI Score

0.001EPSS

2023-12-12 06:15 PM
31
cve

CVE-2023-35630

Internet Connection Sharing (ICS) Remote Code Execution...

8.8CVSS

8.7AI Score

0.001EPSS

2023-12-12 06:15 PM
36
nvd

CVE-2023-35630

Internet Connection Sharing (ICS) Remote Code Execution...

8.8CVSS

0.001EPSS

2023-12-12 06:15 PM
1
cve

CVE-2022-34720

Windows Internet Key Exchange (IKE) Extension Denial of Service...

7.5CVSS

7.6AI Score

0.001EPSS

2022-09-13 07:15 PM
73
2
cve

CVE-2022-34722

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution...

9.8CVSS

9.5AI Score

0.011EPSS

2022-09-13 07:15 PM
90
5
cve

CVE-2024-0912

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

7AI Score

0.0004EPSS

2024-06-06 12:15 AM
29
cvelist

CVE-2024-25015 IBM MQ denial of service

IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: ...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-05-01 04:16 PM
1
cvelist

CVE-2024-0912 CCURE passwords exposed to administrators

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

6.5AI Score

0.0004EPSS

2024-06-05 11:23 PM
6
githubexploit

Exploit for Improper Input Validation in Microsoft

🇮🇱 **#BringThemHome...

6.5CVSS

6.7AI Score

0.001EPSS

2024-03-28 09:31 AM
175
nvd

CVE-2023-23415

Internet Control Message Protocol (ICMP) Remote Code Execution...

9.8CVSS

9.7AI Score

0.02EPSS

2023-03-14 05:15 PM
1
cve

CVE-2023-23415

Internet Control Message Protocol (ICMP) Remote Code Execution...

9.8CVSS

9.5AI Score

0.02EPSS

2023-03-14 05:15 PM
478
osv

Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

6.5AI Score

0.0004EPSS

2024-05-10 02:32 PM
6
nvd

CVE-2023-21547

Internet Key Exchange (IKE) Protocol Denial of Service...

7.5CVSS

8AI Score

0.004EPSS

2023-01-10 10:15 PM
vulnrichment

CVE-2024-0912 CCURE passwords exposed to administrators

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...

6.8AI Score

0.0004EPSS

2024-06-05 11:23 PM
1
nvd

CVE-2023-21758

Windows Internet Key Exchange (IKE) Extension Denial of Service...

7.5CVSS

8AI Score

0.008EPSS

2023-01-10 10:15 PM
cve

CVE-2023-21697

Windows Internet Storage Name Service (iSNS) Server Information Disclosure...

6.2CVSS

5.9AI Score

0.0004EPSS

2023-02-14 08:15 PM
59
Total number of security vulnerabilities: 73875