156 matches found
Couchbase Server Cryptographic Issue Vulnerability
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that primarily supports data querying, full-text searching, and active global replication. A cryptographic issue vulnerability exists in Couchbase Server, which stems from the inclusion of plaintext...
PYSEC-2021-363
Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...
CVE-2021-27791
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An...
CVE-2021-27791
CVE-2021-27791 affects Brocade Fabric OS Web application service prior to v9.0.1a and v8.2.3a. The parsing of the Authentication header can mishandle a malformed header, causing memory addresses outside the intended range to be read. An unauthenticated attacker could bypass authentication as a re...
Brocade Fabric OS Buffer Error Vulnerability
Brocade Fabric OS (FOS) is an embedded operating system used in switches, routers, and other devices from Brocade. Brocade Fabric OS suffers from a buffer error vulnerability, which can be exploited by an attacker to force an invalid address to be read via the Authentication Header of Brocade Fabri...
Brocade Fabric OS Web application service fails to properly process malformed authentication headers resulting in reading memory addresses outside the intended range. (CVE-2021-27791)
Security Advisory ID: BSA-2021-1491. Component: Web Application Service. Revision: 1.1. The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication heade...
CVE-2020-24918
A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in libamprotocol-rtsp.so.1 in rtsp_svc or cause a...
OESA-2021-1126 python-httplib2 security update
httplib2 is a comprehensive HTTP client library, httplib2.py supports many features left out of other HTTP libraries. Security Fixes: httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0"...
DEBIAN-CVE-2021-21240
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
UBUNTU-CVE-2021-21240
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
PT-2021-6101
Name of the Vulnerable Software and Affected Versions: httplib2 versions prior to 0.19.0. Description: A malicious server which responds with long series of "\xa0" characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
curl: HTTP authentication leak in redirects
It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1002)
The remote host is missing an update for the Huawei EulerOS...
LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol
LOLBITS is a C# reverse shell that uses Microsoft's Background Intelligent Transfer Service (BITS) to communicate with the Command and Control backend. The Command and Control backend is hidden behind an apparently harmless Flask web application and it's only accessible when the HTTP requests receive...
D-Link DAP-1860 Remote Code Execution Vulnerability
The D-Link DAP-1860 is a WiFi range extender from AUO D-Link of Taiwan, China. A remote code execution vulnerability exists in the D-Link DAP-1860. The vulnerability can be exploited by an attacker to execute arbitrary code with root privileges with the help of shell metacharacters in the HNAPAUT...
A stack buffer overflow vulnerability in the libcurl library allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in the Curl_auth_create_ntlm_type3_message function, which creates the NTLM type-3 header (lib/vauth/ntlm.c) in the libcurl library, is due to a buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1172)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification...