1624 matches found
USN-6641-1: curl vulnerability
Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains...
PT-2024-18183 · Undertow · Undertow
Name of the Vulnerable Software and Affected Versions: Undertow (affected versions not specified). Description: A vulnerability was found in Undertow that impacts servers supporting the wildfly-http-client protocol. When a malicious user opens and closes a connection with the HTTP port of the server...
CVE-2024-24758
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1185)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1174)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP9 : python-urllib3 (EulerOS-SA-2024-1205)
According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect...
Server-Side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) via the process of fetching payment or payment provider information. An attacker can gain control over the destination URL of the HttpClient used in the API classes, leading to requests to unexpected...
TrueLayer.NET Code Issue Vulnerability
TrueLayer.NET is a .NET client for TrueLayer by TrueLayer UK. A code issue vulnerability exists in TrueLayer.NET. An attacker could use this vulnerability to gain control of the target URL of the HttpClient used in the API class...
PT-2024-20114 · Truelayer · Truelayer.Client +1
Name of the Vulnerable Software and Affected Versions: TrueLayer.Client versions prior to v1.6.0. Description: The issue could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to...
RHEL 8 : python-urllib3 (RHSA-2024:0588)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0588 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3:...
CVE-2024-1023
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the memory leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge,...
Atlassian Confluence SSTI Injection Exploit
This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable. This module requires...
Eclipse Vert.x Security Vulnerability
Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM. A security vulnerability in the Eclipse Vert.x toolkit stems from the use of the Netty FastThreadLocal data structure and can lead to a memory leak that could be triggered when the Vert.x HTTP...
RHEL 8 : fence-agents (RHSA-2023:7528)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7528 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
AlmaLinux 9 : python-urllib3 (ALSA-2024:0464)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0464 advisory. - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing...
Oracle Linux 9 : python-urllib3 (ELSA-2024-0464)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0464 advisory. - Security fix for CVE-2023-45803. Resolves: RHEL-16874. Tenable has extracted the preceding description block directly from the Oracle Linux security...
PRTG Authenticated Remote Code Execution
Metasploit module: 'PRTG CVE-2023-32781 Authenticated RCE'. Description: Authenticated RCE in Paessler PRTG. License: MSF_LICENSE. Author: Kevin Joensen. References: https://baldur.dk/blog/prtg-rce.html, CVE-2023-32781. Disclosure date: 2023-08-09...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:0168-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0168-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation mak...
RHEL 8 : python-urllib3 (RHSA-2024:0300)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0300 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3:...
EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2024-1072)
According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...