EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-3213)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

EulerOS Virtualization 2.9.0 : python-pip (EulerOS-SA-2024-1020)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide an...

EulerOS 2.0 SP11 : python-urllib3 (EulerOS-SA-2023-3285)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...

EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2024-1096)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...

EulerOS 2.0 SP11 : python-urllib3 (EulerOS-SA-2023-3257)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...

EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-3178)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2023-3347)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-3029)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

Oracle Linux 8 : fence-agents (ELSA-2024-0133)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0133 advisory. - bundled urllib3: fix CVE-2023-43804 Resolves: RHEL-11988 Tenable has extracted the preceding description block directly from the Oracle Linux securit...

RHEL 8 : python-urllib3 (RHSA-2024:0116)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0116 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3:...

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1096)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2 : ecs-init (ALASECS-2024-032)

The version of ecs-init installed on the remote host is prior to 1.75.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-032 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject...

Important: ecs-init

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:0033-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0033-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation mad...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1046)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2024-2591 · Unknown · Amphp/Http +1

Name of the Vulnerable Software and Affected Versions: amphp/http versions prior to the fixed version amphp/http-client versions 4.0.0-rc10 through 4.0.0 Description: The issue is related to the amphp/http library and its HTTP/2 protocol implementation, specifically with uncontrolled memory...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1020)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-R6R4-5PR8-GJCP Vapor contains an integer overflow in URI leading to potential host spoofing

Vapor's vaporurlparserparse function uses uint16t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI ty...

Integer overflow

Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vaporurlparserparse function uses uint16t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...

Vapor contains an integer overflow in URI leading to potential host spoofing

Vapor's vaporurlparserparse function uses uint16t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI ty...