16602 matches found
CVE-2024-20394
A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could explo...
CVE-2024-20369
A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An...
CVE-2024-20369
CVE-2024-20369 affects Cisco Crosswork Network Services Orchestrator (NSO) Web UI. The issue is improper input validation of a parameter in an HTTP request, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and be redirected to a malicious website. Documented...
Cisco AppDynamics Network Visibility Service Denial of Service Vulnerability
A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could explo...
Cisco Crosswork Network Services Orchestrator Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An...
Important: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Security Bulletin: Multiple security vulnerabilities in Eclipse Jetty affect IBM Security Directory Integrator
Summary The IBM Security Directory Integrator was vulnerable to multiple security vulnerabilities in the Eclipse Jetty component. This was addressed in version 10 of the IBM Security Directory Integrator. Vulnerability Details CVEID:CVE-2017-9735 DESCRIPTION: Jetty could allow a remote attacker t...
PT-2024-4565 · Cisco · Cisco Appdynamics Network Visibility Agent
Name of the Vulnerable Software and Affected Versions: Cisco AppDynamics Network Visibility Agent affected versions not specified Description: The issue is caused by the inability to handle unexpected input, allowing an unauthenticated, local attacker to cause a denial of service DoS condition on...
Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to...
RHEL 9 : nodejs:20 (RHSA-2024:2853)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2853 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
ALSA-2024:2853 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to...
K000139615: Node.js vulnerability CVE-2024-27982
Security Advisory Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly,...
CVE-2023-45583
The CVE-2023-45583 vulnerability is a use of externally-controlled format string affecting Fortinet FortiProxy, FortiPAM, FortiOS, and FortiSwitchManager across multiple versions (e.g., FortiProxy 7.2.0–7.2.5, 7.0.x, 2.0.x, 1.x; FortiOS 7.x and 6.x; FortiPAM 1.x; FortiSwitchManager 7.x). The unde...
CVE-2024-34350
Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...
CVE-2024-4817 Campcodes Online Laundry Management System HTTP Request Parameter manage_user.php resource injection
A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manageuser.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of resourc...
CVE-2024-4817 Campcodes Online Laundry Management System HTTP Request Parameter manage_user.php resource injection
A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manageuser.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of resourc...
CVE-2024-4817
CVE-2024-4817 affects Campcodes Online Laundry Management System v1.0, in the HTTP Request Parameter Handler (manage_user.php). The issue is an improper control of resource identifiers caused by unsafely handling the non-validated id parameter, enabling remote exploitation. Publicly disclosed exp...
Security Bulletin: IBM Storage Fusion is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.
Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-1135, CVE-2024-26130, CVE-2024-23829, CVE-2024-2334, CVE-2023-49081, CVE-2023-49082. Vulnerability Details CVEID:CVE-2024-11...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.
Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-23829, CVE-2024-23334, CVE-2024-1135, CVE-2024-26130. Vulnerability Details CVEID:CVE-2024-23829 DESCRIPTION: aio-libs...
AlmaLinux 9 : nodejs:18 (ALSA-2024:2779)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2779 advisory. nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...