16602 matches found
GHSA-V858-922F-FJ9V SimpleSAMLphp Link Injection vulnerability
Background Several scripts part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description The following scripts we...
Medium: amazon-ecr-credential-helper
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
Denial of Service in rack-contrib via "profiler_runs" parameter
rack-contrib prior to version 2.5.0 is vulnerable to a Denial of Service via the profilerruns HTTP request parameter. Versions Affected: = 2.5.0 Impact An attacker can trigger a Denial of Service by sending an HTTP request with an overly large profilerruns parameter. shell curl...
CVE-2024-35232
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. accesstoken can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...
CVE-2024-35232 github.com/huandu/facebook may expose access_token in error message
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. accesstoken can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...
CVE-2024-35232 github.com/huandu/facebook may expose access_token in error message
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. accesstoken can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...
GHSA-3F65-M234-9MXR github.com/huandu/facebook may expose access_token in error message.
Summary accesstoken can be exposed in error message on fail in HTTP request. Details Using this module, when HTTP request fails, error message can contain accesstoken. This can be happen when: - module is sending HTTP request with query parameter ?accesstoken=.... - and HTTP request fails errors...
github.com/huandu/facebook may expose access_token in error message.
Summary accesstoken can be exposed in error message on fail in HTTP request. Details Using this module, when HTTP request fails, error message can contain accesstoken. This can be happen when: - module is sending HTTP request with query parameter ?accesstoken=.... - and HTTP request fails errors...
httpd:2.4 security update
httpd 2.4.37-64.0.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-64 - Resolves: RHEL-14448 - httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 2.4.37-63 - modxml2enc: fix media type handling Resolves: RHEL-14321 modhttp2 1.15.7-10 - Resolves: RHEL-29817 -...
CVE-2024-5201
Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP Request...
CVE-2024-5201 Dimensions RM - Privilege Escalation
Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP Request...
CVE-2024-5201 Dimensions RM - Privilege Escalation
Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP Request...
CVE-2024-5201
CVE-2024-5201 describes a privilege escalation in OpenText Dimensions RM where an authenticated user can elevate to another user’s privileges via an HTTP request. The affected product is OpenText Dimensions RM; the underlying root cause and exact exploit path are not detailed in the provided docu...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.42 bug fix and security update
Red Hat OpenShift Container Platform release 4.13.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
CVE-2024-3708
A condition exists in lighttpd version prior to 1.4.51 whereby a remote attacker can craft an http request which could result in multiple outcomes: 1. cause lighttpd to access freed memory in which case the process lighttpd is running in could be terminated or other non-deterministic behavior cou...
CVE-2024-3708
...
Apache Tomcat 8.0.0.RC1 < 8.0.39 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.0.39. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.0.39security-8 advisory. - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before...
Apache Tomcat 7.0.0 < 7.0.73 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.73. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.73security-7 advisory. - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before...
Apache Tomcat 9.0.0.M1 < 9.0.0.M13 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.0.M13. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.0.m13security-9 advisory. - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x befor...
Apache Tomcat 8.5.0 < 8.5.51 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.51. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.51security-8 advisory. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to...