Lucene search
K

275 matches found

RedHat Linux
RedHat Linux
added 2024/04/02 7:34 p.m.4 views

python-aiohttp: http request smuggling

An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of...

6.5CVSS7.1AI score0.0102EPSS
Exploits1References5
Amazon
Amazon
added 2024/04/01 12:0 a.m.4 views

Important: squid

Issue Overview: A flaw was found in squid. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements ...

9.3CVSS7.3AI score0.05765EPSS
Exploits0
OSV
OSV
added 2024/03/06 10:53 a.m.24 views

BIT-HAPROXY-2023-25950

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...

7.3CVSS7AI score0.02942EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.12 views

openSUSE: Security Advisory for python (openSUSE-SU-2023:0233-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.01176EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.12 views

openSUSE: Security Advisory for python (openSUSE-SU-2023:0232-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.01176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/01/08 10:34 p.m.51 views

CVE-2024-21647

A flaw was found in Puma rubygem. Versions prior 6.4.2 are susceptible to a HTTP smuggling attack when parsing chunked transfer encoding bodies on HTTP messages, which don't limit the size of the message chunk extensions. This issue may lead to uncontrolled resource consumption, possibly resultin...

7.5CVSS6.8AI score0.00958EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/11/15 2:48 p.m.32 views

yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection

Impact The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. To pass extra control data between...

5CVSS6.8AI score0.00318EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.45 views

Amazon Linux 2023 : squid (ALAS2023-2023-429)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-429 advisory. 2023-12-06: CVE-2023-46728 was added to this advisory. Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 pri...

9.3CVSS6.7AI score0.10221EPSS
Exploits0References10
OSV
OSV
added 2023/11/09 11:37 p.m.9 views

MGASA-2023-0315 Updated squid packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Request/Response smuggling in HTTP/1.1 and ICAP. CVE-2023-46846 Denial of Service in HTTP Digest Authentication. CVE-2023-46847 Denial of Service in FTP. CVE-2023-46848...

9.3CVSS9AI score0.85944EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/11/09 12:0 a.m.29 views

SUSE SLES15 Security Update : squid (SUSE-SU-2023:4384-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4384-1 advisory. - Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 an...

9.3CVSS7.4AI score0.85944EPSS
Exploits0References13
OSV
OSV
added 2023/11/08 10:7 a.m.4 views

SUSE-SU-2023:4384-1 Security update for squid

This update for squid fixes the following issues: - CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP bsc1216500. - CVE-2023-46847: Denial of Service in HTTP Digest Authentication bsc1216495. - CVE-2023-46724: Fix validation of certificates with CN= bsc1216803. - CVE-2023-46848:...

9.3CVSS8.7AI score0.85944EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2023/11/07 10:27 a.m.4 views

squid: Request/Response smuggling in HTTP/1.1 and ICAP

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

9.3CVSS5.9AI score0.05255EPSS
Exploits0References5
OSV
OSV
added 2023/11/06 3:51 p.m.7 views

SUSE-SU-2023:4380-1 Security update for squid

This update for squid fixes the following issues: - CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP bsc1216500. - CVE-2023-46847: Denial of Service in HTTP Digest Authentication bsc1216495. - CVE-2023-46724: Fix validation of certificates with CN= bsc1216803. - CVE-2023-46848:...

9.3CVSS8.7AI score0.85944EPSS
Exploits0References9
OSV
OSV
added 2023/11/03 8:15 a.m.2 views

ALPINE-CVE-2023-46846

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

5.3CVSS7AI score0.05255EPSS
Exploits0References1
OSV
OSV
added 2023/11/03 8:15 a.m.1 views

UBUNTU-CVE-2023-46846

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

9.3CVSS6.8AI score0.05255EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 7:46 p.m.37 views

Security Bulletin: IBM Storage Ceph is vulnerable to an HTTP request/response smuggling vulnerablity in Golang Go

Summary Golang Go is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2022-27664, CVE-2022-2879, CVE-2022-2880, CVE-2022-32189, CVE-2022-41715. Vulnerability Details CVEID: CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in...

7.5CVSS7.8AI score0.02607EPSS
Exploits2Affected Software1
OSV
OSV
added 2023/10/26 8:26 a.m.22 views

SUSE-SU-2023:4210-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: - Updated to version 9.4.53.v20231009: - CVE-2023-44487: Fixed a potential denial of service scenario via RST frame floods bsc1216169. - CVE-2023-36478: Fixed an integer overflow in the HTTP/2 HPACK decoder bsc1216162. - CVE-2023-40167:...

7.5CVSS7.8AI score0.99999EPSS
Exploits22References11
OSV
OSV
added 2023/08/20 10:1 a.m.2 views

OPENSUSE-SU-2023:0233-1 Security update for python-mitmproxy

This update for python-mitmproxy fixes the following issues: - CVE-2021-39214: Fixed HTTP smuggling attacks boo1190603...

9.8CVSS9.5AI score0.01176EPSS
Exploits0References3
OSV
OSV
added 2023/08/20 10:1 a.m.4 views

OPENSUSE-SU-2023:0232-1 Security update for python-mitmproxy

This update for python-mitmproxy fixes the following issues: - CVE-2021-39214: Fixed HTTP smuggling attacks boo1190603...

9.8CVSS9.5AI score0.01176EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2023/08/20 12:0 a.m.11 views

Security update for python-mitmproxy (moderate)

openSUSE Security Update: Security update for python-mitmproxy Announcement ID: openSUSE-SU-2023:0233-1 Rating: moderate References: 1190603 Cross-References: CVE-2021-39214 CVSS scores: CVE-2021-39214 NVD : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports...

9.8CVSS7.2AI score0.01176EPSS
Exploits0References1
Rows per page
Query Builder