Mageia: Security Advisory (MGASA-2015-0177)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

T-Reqs-HTTP-Fuzzer - A Grammar-Based HTTP Fuzzer

T-Reqs T wo Req uests is a grammar-based HTTP Fuzzer written as a part of the paper titled "T-Reqs: HTTP Request Smuggling with Differential Fuzzing" which was presented at ACM CCS 2021. BibTeX of the paper: @inproceedingsccs2021treqs, title=T-Reqs: HTTP Request Smuggling with Differential Fuzzin...

PortSwigger Web Security: No Rate Limit On Regenerate Password on Portswigger

Introduction A little bit about Rate Limit: A rate limiting algorithm is used to check if the user session or IP-address has to be limited based on the information in the session cache. In case a client made too many requests within a given timeframe, HTTP-Servers can respond with status code 429...

On : No Rate Limit in Login Page

The login page of the website did not have a rate limit implemented, allowing an attacker to perform brute force attacks by trying multiple login attempts without being restricted...

CVE-2021-29991

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox 91.0.1 and Thunderbird 91.0.1...

nginx 1.1.4 <= 1.2.8 / 1.3.0 <= 1.4.0 DoS Vulnerability

nginx is prone to denial of service DoS vulnerability when proxypass is used with untrusted HTTP servers. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Server side request forgery (ssrf)

Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery SSRF attacks via the imageUrl parameter. This issue potentially exposes both internal and...

Squid < 4.9 Multiple Vulnerabilities

According to its self-reported version number, the version of Squid installed on the remote host is prior to 4.9. It is, therefore, affected by multiple vulnerabilities: - A heap overflow and possible a remote code execution exist due to incorrect buffer management when processing URN...

RHEL 8 : Red Hat OpenShift Service Mesh 1.1.11 (RHSA-2020:5649)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5649 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Service.

Summary A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2020-15586 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a data race in some net/http servers. By sending specially-crafted HTTP...

RHEL 7 / 8 : OpenShift Container Platform 4.5.20 packages and golang (RHSA-2020:5119)

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5119 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

EulerOS 2.0 SP5 : golang (EulerOS-SA-2020-2247)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid...

EulerOS 2.0 SP3 : golang (EulerOS-SA-2020-2078)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, becau...

Authorization Bypass

squid is vulnerable to authorization bypass. When handling a URN request, the corresponding HTTP request that is made does not go through the access checks, allowing an attacker to bypass access checks and gain access to restricted HTTP servers such as HTTP servers listening on localhost...

Amazon Linux AMI : golang (ALAS-2020-1417)

The version of golang installed on the remote host is prior to 1.13.14-1.58. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1417 advisory. Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProx...

Quiz and Survey Master < 7.0.2 - Unauthenticated Arbitrary File Upload

Because the plugin doesn't validate the name of the uploaded file, an unauthenticated user could upload a PHP script with a double extension, e.g., script.php.jpg, and execute it on HTTP servers running a configuration such as Apache + PHP FastCGI. Edit WPScanTeam: This appears to be due to an...

Amazon Linux 2 : golang (ALAS-2020-1479)

The version of golang installed on the remote host is prior to 1.13.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1479 advisory. Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy...

Medium: golang

Issue Overview: Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. CVE-2020-15586 Affected Packages: golang Note: This advisory is...

EulerOS 2.0 SP8 : golang (EulerOS-SA-2020-1804)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, becau...

CVE-2020-15586

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...