5 matches found
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
Summary: An improper URI validation vulnerability exists that enables an unauthorized attacker to perform an XML External Entities (XEE) attack, then send a GET request to any HTTP server. An attacker can abuse this to scan internal networks and gain information about them, then exploit further. Moreover,...
CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi
E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...
muhttpd versions 1.1.5 and earlier are vulnerable to path traversal
Overview: Versions 1.1.5 and earlier of the mu HTTP daemon (muhttpd) are vulnerable to path traversal via a crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device. Descriptio...
OPENSUSE-SU-2021:1279-1 Security update for haserl
This update for haserl fixes the following issues: Update to version 0.9.36: Fixed: It's possible to issue a PUT request without a CONTENT-TYPE. Assume an octet-stream in that case. This is CVE-2021-29133 and boo1187671 Change the Prefix for variables to be the REQUESTMETHOD PUT/DELETE/GET/POST TH...
SOL16344 - Apache Tomcat vulnerability CVE-2014-0227
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...