DEBIAN-CVE-2023-46846
Squid is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
UBUNTU-CVE-2023-46846
Squid is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
squid: Request/Response smuggling in HTTP/1.1 and ICAP
Squid is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
Important: Red Hat Security Advisory: OpenShift Virtualization 4.12.8 Images security update
Red Hat OpenShift Virtualization release 4.12.8 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which...
Exploit for Command Injection in Mjdm Majordomo
Deep Dive: CVE-2023-50917 - Unmasking an Unauthenticated Remo...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read when processing ogg vorbis files using the DECODE macro. An attacker can leak internal memory allocation information by crafting a file that triggers an out-of-bounds read when var is negative. Remediation: There is no...
CLSA-2023-1697739734 python: Fix of 2 CVEs
CVE-2022-45061: fix quadratic time idna decoding - CVE-2021-3737: fix http client infinite line reading DoS after a HTTP 100 Continue...
CLSA-2023-1697739575 python3: Fix of 4 CVEs
CVE-2021-3737: Fix http client infinite line reading DoS after a HTTP 100 Continue - CVE-2021-28861: Fix an open redirection vulnerability in http.server - CVE-2022-0391: Make urllib.parse sanitize urls containing ASCII newline and tabs - CVE-2022-45061: Fix quadratic time idna decoding...
Important: docker
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding (CVE-2022-41723). Templates did not properly consider backticks as JavaScript string delimiters, and as such did not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contained a G...
Improper Release of Memory Before Removing Last Reference ('Memory Leak')
Overview: Affected versions of this package are vulnerable to Improper Release of Memory Before Removing Last Reference ('Memory Leak') in the QUIC transport parameters when multiple instances are present or multiple calls to the decode happen. An attacker can cause a denial of service when the MsQu...
Important: Red Hat Security Advisory: libvpx security update
An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...
Atcom 2.7.x.x - Authenticated Command Injection Vulnerability
Exploit Title: Atcom 2.7.x.x - Authenticated Command Injection; Exploit Author: Mohammed Adel; Vendor Homepage: https://www.atcom.cn/; Software Link: https://www.atcom.cn/html/yingwenban/Product/FastIPphone/2017/1023/135.html; Version: All versions above 2.7.x.x; Tested on: Kali Linux; Exploit Request:...
Important: libvpx security update
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217); libvpx: crash related to VP9 encoding in libvp...
ALSA-2023:5539 Important: libvpx security update
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fixes: libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217); libvpx: crash related to VP9 encoding in libvp...
Exploit for Out-of-bounds Write in Webmproject Libvpx
CVE-2023-5217: libvpx VP8 Encoding Heap Overflow PoC CVE-2023...
Amazon Linux 2 : squid (ALASSQUID4-2023-010)
The version of squid installed on the remote host is prior to 4.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2SQUID4-2023-010 advisory. 2023-10-12: CVE-2022-41317 was added to this advisory. An issue was discovered in Squid through 4.7 and 5. When receivin...