534 matches found
DEBIAN-CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility of request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...
UBUNTU-CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility of request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...
tomcat -- HTTP request smuggling in multiple versions
Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab report: Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility of request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored...
SUSE: Security Advisory (SUSE-SU-2017:2130-1)
The remote host is missing an update for the ...
CVE-2021-21390
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guarante...
Cross site request forgery (csrf)
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guarante...
CVE-2021-21390
MinIO (open-source object storage) contains a PUT-mode vulnerability in aws-chunked encoding where the server may skip end-of-chunk signature verification if a forged chunk size is sent, enabling MITM modification of request bodies intended to be protected by chunk signatures. This affects releas...
PT-2021-14469 · Minio +1
Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2021-03-17T02-33-02Z Description: MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. The issue enables MITM modification of request...
minio -- MITM attack
minio developer report: This is a security issue because it enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipp...
Remote Code Execution (RCE)
MiniDLNA is vulnerable to remote code execution. An attacker is able to send a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding, which can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...
DEBIAN-CVE-2020-28926
ReadyMedia aka MiniDLNA before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...
CVE-2020-28926
ReadyMedia aka MiniDLNA before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...
Buffer overflow
ReadyMedia aka MiniDLNA before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...
UBUNTU-CVE-2020-28926
ReadyMedia aka MiniDLNA before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...
ReadyMedia security vulnerability
ReadyMedia is a simple media server software designed to be fully compatible with DLNA/UPnP-AV clients. A remote code execution vulnerability exists in versions prior to ReadyMedia 1.3.0. An attacker could exploit the vulnerability by sending malicious UPnP HTTP requests to the miniDLNA service...
Making the Edge Come Alive
In April 2019, Netflix viewers streamed 164 million hours of on-demand content per day. Fast forward a year. In April 2020, Twitch streamed 55 million hours per day. The vast majority of that was live. We have seen the future of video. It is live. But live workflows have challenges and requiremen...
Ubuntu: Security Advisory (USN-4565-1)
The remote host is missing an update for the ...
USN-4565-1: OpenConnect vulnerability
It was discovered that OpenConnect has a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. An attacker could use it to provoke a denial of service crash...
USN-4565-1 openconnect vulnerability
It was discovered that OpenConnect has a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. An attacker could use it to provoke a denial of service crash...
Arbitrary Code Execution
openconnect is vulnerable to arbitrary code execution. A buffer overflow vulnerability occurs in the processhttpresponse when a malicious server uses HTTP chunked encoding with malicious chunk sizes, resulting in arbitrary code execution...