Oracle Linux 7 : tomcat (ELSA-2020-4004)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4004 advisory. - The payload length in a WebSocket frame was not co ...

Internet Bug Bounty: Argocd’s web terminal session doesn’t expire

The vulnerability is that web terminal sessions do not expire, even if the argocd's web session has expired. Step 1: Log in to ArgoCD. Step 2: Open a web terminal session in ArgoCD, which is used to ...

CVE-2023-40025

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows ...


CVSS3 - HIGH

CVSS2 - MEDIUM

Wireshark 4.0.x < 4.0.8 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 4.0.8. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.0.8 advisory. - Multiple inte ...

[SECURITY] Fedora 38 Update: libwebsockets-4.3.2-5.fc38

This is the libwebsockets C library for lightweight websocket clients and servers.

Insufficient Session Expiration

github.com/argoproj/argo-cd is vulnerable to Insufficient Session Expiration. The vulnerability exists because web terminal sessions in the library do not expire, which allows an attacker to send a we ...

Argo CD web terminal session doesn’t expire

### Impact All versions of Argo CD starting from v2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already ex ...

CVE-2023-40025

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
