6256 matches found

Tenable Nessus
added 2024/05/01 12:0 a.m., 31 views

Fedora 39 : python-aiohttp (2024-e0057e6044)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e0057e6044 advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...

CVSS: 6.1, AI score: 7.3, EPSS: 0.00666
Exploits: 0, References: 2

Tenable Nessus
added 2024/05/01 12:0 a.m., 27 views

Fedora 38 : python-aiohttp (2024-f34786d26f)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f34786d26f advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...

CVSS: 6.1, AI score: 7.3, EPSS: 0.00666
Exploits: 0, References: 2

Tenable Nessus
added 2024/04/27 12:0 a.m., 23 views

RHEL 6 / 7 : rh-nginx110-nginx (RHSA-2019:2745)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2745 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

CVSS: 7.8, AI score: 7.5, EPSS: 0.82567
Exploits: 0, References: 8

Tenable Nessus
added 2024/04/27 12:0 a.m., 40 views

RHEL 7 : rh-nginx114-nginx (RHSA-2018:3681)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3681 advisory. - nginx: Excessive memory consumption via flaw in HTTP/2 implementation CVE-2018-16843 - nginx: Excessive CPU usage via flaw in HTTP/2...

CVSS: 8.2, AI score: 6.8, EPSS: 0.47057
Exploits: 1, References: 8

Tenable Nessus
added 2024/04/27 12:0 a.m., 30 views

RHEL 7 : rh-nginx112-nginx (RHSA-2018:3680)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3680 advisory. - nginx: Excessive memory consumption via flaw in HTTP/2 implementation CVE-2018-16843 - nginx: Excessive CPU usage via flaw in HTTP/2...

CVSS: 8.2, AI score: 6.8, EPSS: 0.47057
Exploits: 1, References: 8

Chainguard
added 2024/04/26 6:30 a.m., 51 views

GHSA-C5PJ-MQFH-RVC3 vulnerabilities

Vulnerabilities for packages: docker...

AI score: 7
Exploits: 0

Chainguard
added 2024/04/26 4:15 a.m., 45 views

CVE-2024-3154 vulnerabilities

Vulnerabilities for packages: wolfictl, buildah, ctop, opentelemetry-collector-contrib, cadvisor-fips, cadvisor, opentelemetry-collector-contrib-fips, grype, neuvector-scanner, kubernetes, kubernetes-fips...

CVSS: 7.2, AI score: 6.7, EPSS: 0.01406
Exploits: 0

0day.today
added 2024/04/24 12:0 a.m., 4815 views

Nginx 1.25.5 Host Header Validation Vulnerability

Nginx versions 1.25.5 and below appear to have a host header filtering validation bug that could possibly be used for malice. Nginx = 1.25.5 $host variable validation bug Intro: In the "Host" header sent to Nginx web server you can't just insert a dot or something like that, because a filtering...

AI score: 7.3
Exploits: 0

Packet Storm
added 2024/04/24 12:0 a.m., 796 views

Nginx 1.25.5 Host Header Validation

Nginx = 1.25.5 $host variable validation bug Intro: In the "Host" header sent to Nginx web server you can't just insert a dot or something like that, because a filtering rules exists there. The ngx_http_validate_host function is responsible for filtering...

AI score: 7.4
Exploits: 0

OSV
added 2024/04/18 3:15 p.m., 5 views

AZL-43372 CVE-2024-27306 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS: 6.1, AI score: 6.7, EPSS: 0.00666
Exploits: 0, References: 1

NVD
added 2024/04/18 3:15 p.m., 25 views

CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00666
Exploits: 0, References: 7

UbuntuCve
added 2024/04/18 3:15 p.m., 34 views

CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS: 6.1, AI score: 6.8, EPSS: 0.00666
Exploits: 0, References: 6

Vulnrichment
added 2024/04/18 2:23 p.m., 36 views

CVE-2024-27306 aiohttp vulnerable to XSS on index pages for static file handling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00666
Exploits: 0, References: 6

Cvelist
added 2024/04/18 2:23 p.m., 31 views

CVE-2024-27306 aiohttp vulnerable to XSS on index pages for static file handling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00666
Exploits: 0, References: 6

CVE
added 2024/04/18 2:23 p.m., 366 views

CVE-2024-27306

CVE-2024-27306 : An XSS vulnerability exists in aiohttp’s index pages for static file handling. Root cause: improper validation of input on index/static file pages. The issue is fixed in aiohttp 3.9.4. Public advisories recommend upgrading to the patched version; for those unable to upgrade, a wo...

CVSS: 6.1, AI score: 5.5, EPSS: 0.00666
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2024/04/18 2:23 p.m., 29 views

CVE-2024-27306 aiohttp vulnerable to XSS on index pages for static file handling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00666
Exploits: 0, References: 9

CBLMariner
added 2024/04/17 10:2 p.m., 23 views

CVE-2023-44487 affecting package nginx for versions less than 1.25.4-1

CVE-2023-44487 affecting package nginx for versions less than 1.25.4-1. An upgraded version of the package is available that resolves this issue...

CVSS: 7.5, AI score: 8, EPSS: 0.99999
Exploits: 19

WPVulnDB
added 2024/04/17 12:0 a.m., 15 views

SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access

Description The plugin only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX. PoC Install the plugin on a server that doesn't...

AI score: 6.2, EPSS: 0.00413
Exploits: 2, Affected Software: 1

CNVD
added 2024/04/16 12:0 a.m., 10 views

nginxWebUI OS Command Injection Vulnerability

nginxWebUI is an nginx web configuration tool. An operating system command injection vulnerability exists in nginxWebUI, which stems from the file parameter of the /adminPage/main/upload file failing to properly filter constructed command special characters, commands, and so on. An attacker can...

CVSS: 9.8, AI score: 7.4, EPSS: 0.02891
Exploits: 1, References: 1

OSV
added 2024/04/13 5:15 p.m., 3 views

CVE-2024-3737

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit ha...

CVSS: 9.8, AI score: 7.1
Exploits: 0, References: 4