45 matches found
EUVD-2020-0293
Malware in sbrugna...
EUVD-2021-0909
Malware in sbrugna...
EUVD-2021-1225
Malware in sbrugna...
EUVD-2024-1316
Malicious code in bioql PyPI...
CLSA-2024-1734643101 Fix CVE(s): CVE-2024-6923
SECURITY UPDATE: Improper newline quoting in email module header serialization - debian/patches/CVE-2024-6923.patch: Encode newlines in headers and verify headers to be sound - CVE-2024-6923...
Windows IIS HTTP Protocol Stack Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows IIS HTTP Protocol Stack DOS', 'Description' = %q This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafte...
SUSE SLES15 / openSUSE 15 Security Update : python-gunicorn (SUSE-SU-2024:2881-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2881-1 advisory. - CVE-2024-1135: Fixed HTTP Request Smuggling due to improperly validate Transfer-Encoding headers bsc1222950 Tenable has...
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-gunicorn) (RHSA-2024:4054)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4054 advisory. Gunicorn Green Unicorn is a Python WSGI HTTP server for UNIX. Security Fixes: HTTP Request Smuggling due to improper validation of Transfer-Encoding...
Gunicorn < 22.0.0 HTTP Request Smuggling Vulnerability
Gunicorn is prone to a HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gunicorn:gunicorn"; ...
CVE-2024-1135
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...
CVE-2024-1135
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...
DEBIAN-CVE-2024-1135
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...
CVE-2024-1135
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...
CVE-2024-1135 HTTP Request Smuggling in benoitc/gunicorn
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...
PT-2024-2559 · Thales · Thales Imperva Securesphere
Name of the Vulnerable Software and Affected Versions: Thales Imperva SecureSphere WAF versions 14.7.0.40 and earlier, without the February 2024 update from the Application Delivery Controller ADC Thales Imperva SecureSphere versions prior to the February 2024 update Description: The issue is...
SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2023:0419-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0419-1 advisory. - A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient...
K82567234: NodeJS vulnerability CVE-2022-32215
Security Advisory Description The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. CVE-2022-32215 Impact Impact There is no impact; F5 products are not affected b...
Oracle Linux 9 : grafana-pcp (ELSA-2022-8250)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-8250 advisory. 3.2.0-3 - bump NVR Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation
Summary A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Vulnerability Details CVEID:CVE-2022-32215 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle multi-line Transfer-Encoding headers by t...
Node.js 14.x < 14.20.0 / 16.x < 16.16.0 / 18.x < 18.5.0 Multiple Vulnerabilities (July 7th 2022 Security Releases).
The version of Node.js installed on the remote host is prior to 14.20.0, 16.16.0, 18.5.0. It is, therefore, affected by multiple vulnerabilities as referenced in the July 7th 2022 Security Releases advisory. - The llhttp parser in the http module does not correctly parse and validate...