Debian dla-3127 : libhttp-daemon-perl - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3127 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3127-1 [email protected] https://www.debian.org/lts/security/...

PT-2022-37521 · Clamav · Clamav

Name of the Vulnerable Software and Affected Versions: clamav versions prior to 0.103.7 Description: The issue is related to the clamav software, where an update to version 0.103.7 fixes several problems, including the upgrade of the UnRAR library to version 6.1.7, a fix for the logical signature...

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

AZL-10529 CVE-2022-1705 affecting package golang for versions less than 1.18.5-1

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...

CVE-2022-1705

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...

CVE-2022-1705

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

CVE-2022-31081

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

GHSA-G48F-FF5H-5F64 Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop

Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file...

nbdkit: NBD_OPT_STRUCTURED_REPLY injection on STARTTLS

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTUREDREPLY before proxying everything else a client sends to the server, potentially leading the client to terminat...

Google Tensorflow 代码问题漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a code issue vulnerability that stems from the simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow being prone to segmentation errors. No detailed...

Mageia: Security Advisory (MGASA-2014-0006)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Node.js: Node.js Certificate Verification Bypass via String Injection

This is a report on behalf of Google, who did not want to report through H1. --- Summary Node’s APIs for reporting certificate fields are ambiguous and allow bypassing certificate verification in some circumstances. Details In light of CVE-2021-3712, I’ve been looking at code which misuses...

SonicWall SMA100 has an unspecified vulnerability

The Sonicwall SMA100 is a secure access gateway appliance from Sonicwall, Inc. A security vulnerability exists in the SonicWall SMA100 that could be exploited by an unauthenticated remote attacker to bypass firewall rules by using the SMA100 as an unexpected proxy or intermediate undetectable pro...

OESA-2021-1399 mutt security update

Mutt is a small but very powerful text-based mail client for Unix operating systems. Security Fixes: Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.CVE-2020-14154...

in livehelperchat/livehelperchat

Description Sensitive data on the application can be exposed after the user logout Proof of Concept 1 Login to the application demo.livehelperchat.com/siteadmin/ 2 Go to page like My Account , or Any other page 3 Click logout 4 Click browser back button Impact When a user logs out without closing...

EulerOS 2.0 SP2 : freerdp (EulerOS-SA-2021-2370)

According to the versions of the freerdp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in updatereadiconinfo. It allows reading a attacker-defined amount...

Google TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in Google TensorFlow versions prior to 2.6.0. The vulnerability stems from the MLIR optimization of the L2NormalizeReduceAxis operator. An attacker can exploit the vulnerability to cause a...