Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1020)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
PT-2024-2591 · Unknown · Amphp/Http +1
Name of the Vulnerable Software and Affected Versions: amphp/http versions prior to the fixed version; amphp/http-client versions 4.0.0-rc10 through 4.0.0. Description: The issue is related to the amphp/http library and its HTTP/2 protocol implementation, specifically with uncontrolled memory...
GHSA-R6R4-5PR8-GJCP Vapor contains an integer overflow in URI leading to potential host spoofing
Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI ty...
Integer overflow
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...
Vapor contains an integer overflow in URI leading to potential host spoofing
Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI ty...
Splunk __raw Server Info Disclosure
Splunk 6.2.3 through 7.0.1 allows information disclosure by appending /__raw/services/server/info/server-info?output_mode=json to a query. Versions 6.6.0 through 7.0.1 require authentication. Module Options: msf > use auxiliary/gather/splunk_raw_server_info msf auxiliary(splunk_raw_server_info) > show actions...
Craft CMS 4.4.14 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 4.0.0-RC1 through 4.4.14. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Craft CMS...
AlmaLinux 9 : fence-agents (ALSA-2023:7753)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7753 advisory. - Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts...
Amazon Linux 2023 : python3-urllib3 (ALAS2023-2023-454)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-454 advisory. urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the...
python-urllib3: Cookie request header isn't stripped during cross-origin redirects
A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-3347)
The remote host is missing an update for the Huawei EulerOS...
RHEL 9 : fence-agents (RHSA-2023:7753)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7753 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2023-3348)
The remote host is missing an update for the Huawei EulerOS...
Fedora: Security Advisory for python-aiohttp (FEDORA-2023-bc1f081ca0)
The remote host is missing an update for the...
Fedora 38 : llhttp / python-aiohttp / uxplay (2023-bc1f081ca0)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-bc1f081ca0 advisory. Security fix for CVE-2023-47627 https://pagure.io/fesco/issue/3106 python-aiohttp 3.8.6 2023-10-07...
ownCloud Phpinfo Reader
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker m...
Design/Logic Flaw
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header or create a new HTTP request) if the attacker controls the HTTP version. The vulnerability only occurs if the...
PYSEC-2023-250
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header or create a new HTTP request) if the attacker controls the HTTP version. The vulnerability only occurs if the...
CVE-2023-49081
CVE-2023-49081 affects aiohttp (HTTP header/HTTP version validation issues) with remediation across multiple vendors: Debian advisories show fixes for python-aiohttp (Debian 11 bullseye: 3.7.4-1+deb11u1; DSA-5828-1 fixes to 3.8.4-1+deb12u1), IBM Storage Fusion bulletin requires upgrading to 2.8.0...
RHEL 8 : fence-agents (RHSA-2023:7407)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7407 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...