OESA-2025-1467 cobbler security update

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...

RLSA-2024:6192 Moderate: wget security update

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...

CVE-2025-43859

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...

DEBIAN-CVE-2025-43859

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...

CVE-2025-2861 Cleartext Transmission of Sensitive Information vulnerability in saTECH BCU

SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately...

CVE-2025-1868

Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by...

Linux Distros Unpatched Vulnerability : CVE-2024-45797

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and...

CVE-2025-1868 Information display on multiple products from Famatech Corp

Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by...

CVE-2025-1868

CVE-2025-1868 describes an NTLM leakage vulnerability in Famatech’s Advanced IP Scanner and Advanced Port Scanner. When a network scan is initiated, the tools may emit the NTLM hash of the scanning user, enabling an attacker to intercept traffic to a legitimate or fake server to extract the user ...

Oracle Agile Product Lifecycle Management (PLM) 9.3.6.x < 9.3.6.26

The version of Oracle Agile Product Lifecycle Management PLM on the remote host is 9.3.6.x prior to 9.3.6.26. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Export. The supported version that is...

nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap

A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an...

The vulnerability of the Web Services component of the Oracle Hyperion Data Relationship Management data management application allows a perpetrator to gain full control over the application.

The vulnerability of the Web Services component of the Oracle Hyperion Data Relationship Management data management application relates to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the...

CVE-2024-23837

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46...

CVE-2024-28871

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available...

CVE-2025-0631

A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in credentials being sent in clear text...

The vulnerability of the Shopping Cart component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores. This vulnerability exists in the Oracle E-Business Suite, a software solution for automating business operations. It allows attackers to gain access to read, modify, or delete data.

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, as well as the Oracle E-Business Suite system for automating business operations, is related to deficiencies in the authentication process. Exploiti...

The vulnerability of the components of the Oracle Enterprise Command Center Framework allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Diagnostics components of the Oracle Enterprise Command Center Framework is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through the HTTP network protocol...

Medium: grpc

Issue Overview: It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occu...

[SECURITY] Fedora 41 Update: python-aiohttp-3.10.5-3.fc41

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

PT-2024-41474 · Hikvision · Ds-2Cd1Xxxg0 +11

Уязвимость реализации протокола HTTP служб DynDNS и NO-IP микропрограммного обеспечения IP-камер Hikvision связана с передачей конфиденциальной информации в незашифрованном виде. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить атаку типа «человек посередине»...