16601 matches found
CBL Mariner 2.0 Security Update: nodejs18 / nodejs (CVE-2024-27982)
The version of nodejs18 / nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27982 advisory. - The team has identified a critical vulnerability in the http server of the most recent version of...
Debian dla-3851 : gunicorn - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3851 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3851-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 3851-1] gunicorn security update
Debian LTS Advisory DLA-3851-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 30, 2024 https://wiki.debian.org/LTS Package : gunicorn Version : 19.9.0-1+deb10u1 CVE ID : CVE-2024-1135 Debian Bug : 1069126 Gunicorn, an event-based HTTP/WSGI server, fails to...
Security Bulletin: Vulnerability in Gunicorn affects IBM Process Mining CVE-2024-1135
Summary There is a vulnerability in Gunicorn that could allow an attacker to conduct XSS attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicor...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Node.js and IBM WebSphere Application Server Liberty
Summary There are multiple vulnerabilities in Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor CVE-2024-27983, CVE-2024-27980, CVE-2024-22329, CVE-2024-27982, CVE-2024-22354, CVE-2024-4068. Vulnerability Details CVEID:CVE-2024-27983 DESCRIPTION: Node.j...
URL Rewrite
zendframework/zend-feed is vulnerable to URL Rewrite. The vulnerability is due to marshaling a request URI that includes logic to introspect HTTP request headers specific to a server-side URL rewrite mechanism. The attacker can emulate these headers to request arbitrary content...
Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability
Talos Vulnerability Report TALOS-2024-1934 Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability June 26, 2024 CVE Number CVE-2024-5011 SUMMARY An uncontrolled resource consumption vulnerability exists in the TestController Chart functionality of Progress...
Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability
Talos Vulnerability Report TALOS-2024-1932 Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability June 26, 2024 CVE Number CVE-2024-5017 SUMMARY A path traversal vulnerability exists in the AppProfileImport functionality of Progress Software Corporation WhatsUp...
Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities
Talos Vulnerability Report TALOS-2024-1933 Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities June 26, 2024 CVE Number CVE-2024-5010 SUMMARY An information disclosure vulnerability exists in the TestController functionality of Progress Softwa...
Security Bulletin: Maximo Application Suite - gunicorn-20.1.0-py3-none-any.whl is vulnerable to CVE-2024-1135 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses gunicorn-20.1.0-py3-none-any.whl which is vulnerable to CVE-2024-1135. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP...
CVE-2024-5017
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure...
CVE-2024-5010
In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information...
CVE-2024-5011 WhatsUp Gold TestController Chart denial of service vulnerability
In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service...
CVE-2024-5010 WhatsUp Gold TestController multiple information disclosure vulnerabilities
In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information...
CVE-2024-5010
Progress Software’s WhatsUp Gold TestController contains an information-disclosure vulnerability (CVE-2024-5010) affecting versions such as 23.1.0 Build 1697 prior to 23.1.3. An unauthenticated HTTP request can disclose sensitive data (e.g., Devices and NetworkInterfaces), enabling disclosure of ...
Malicious code in http-request-query (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-5211 Malicious code in http-request-query (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Mageia: Security Advisory (MGASA-2024-0236)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated python-gunicorn packages fix security vulnerability
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...
MGASA-2024-0236 Updated python-gunicorn packages fix security vulnerability
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...