
2321 matches found

OSV
added 2022/07/07 8:55 p.m., 0 views

GHSA-WGMR-MF83-7X4J Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service

Description: Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying ...

CVSS 7.5, AI score 6.8, EPSS 0.01818
Exploits 0, References 7
RedHat Linux
added 2022/07/07 2:19 p.m., 1 views

tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine

A flaw was found in Apache Tomcat. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet can trigger an infinite loop, resulting in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.5, AI score 7.1, EPSS 0.06687
Exploits 0, References 8
OpenVAS
added 2022/07/07 12:00 a.m., 22 views

Fedora: Security Advisory for squid (FEDORA-2022-0fa51087e7)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5, AI score 6.9, EPSS 0.03602
Exploits 0, References 2
Fedora
added 2022/07/04 1:35 a.m., 29 views

[SECURITY] Fedora 36 Update: dnscrypt-proxy-2.1.1-4.fc36

A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP/2. Features: - DNS traffic encryption and authentication. Supports DNS-over-HTTPS (DoH) and DNSCrypt. - DNSSEC compatible - DNS query monitoring, with separate log files for regular and...

CVSS 9.3, AI score 8.5, EPSS 0.05994
Exploits 4
CNNVD
added 2022/06/30 12:00 a.m., 3 views

Jenkins Plugin Project Inheritance Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site scripting vulnerability exist...

CVSS 5.4, AI score 5.4, EPSS 0.00521
Exploits 0, References 5
Debian
added 2022/06/29 9:05 p.m., 30 views

[SECURITY] [DLA 3062-1] ublock-origin security update

Debian LTS Advisory DLA-3062-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 29, 2022 https://wiki.debian.org/LTS Package : ublock-origin Version : 1.42.0+dfsg-1deb9u1 CVE ID : CVE-2021-36773 Debian Bug : 991386 uBlock, a Firefox add-on and efficient ads,...

CVSS 7.5, AI score 7.2, EPSS 0.01261
Exploits 1
OSV
added 2022/06/17 9:43 p.m., 27 views

GHSA-77MV-4RG7-R8QV Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy

The nestjs-proxy library did not have a way to block sensitive cookies (e.g. session cookies) from being forwarded to backend services configured by the application developer. This could have led to sensitive cookies being inadvertently exposed to such services that should not see them. The patched...

CVSS 5.8, AI score 6.3, EPSS 0.00589
Exploits 0, References 4
CNVD
added 2022/06/15 12:00 a.m., 22 views

WordPress Plugin iQ Block Country IP Spoofing Attack Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An IP spoofing attack vulnerability exists in WordPress plugin iQ Block Country version 1.2.13 and prior versions, which stems from not properly...

CVSS 7.5, AI score 7.4, EPSS 0.01163
Exploits 2, References 1
wpexploit
added 2022/06/06 12:00 a.m., 150 views

miniOrange's Malware Scanner < 4.5.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in a multisite setup). Put the following payload in the...

CVSS 4.8, AI score 0.8, EPSS 0.0049
Exploits 2
Wallarm Lab
added 2022/06/03 8:50 p.m., 174 views

Update on the Confluence 0-day vulnerability (CVE-2022-26134)

We want to share this update regarding the critical Confluence 0-day vulnerability CVE-2022-26134. On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution (RCE)...

CVSS 7.5, AI score 0.6, EPSS 0.99999
Exploits 75
CISA
added 2022/06/02 12:00 a.m., 281 views

Atlassian Releases Security Advisory for Confluence Server and Data Center, CVE-2022-26134

Atlassian has released a security advisory to address a remote code execution vulnerability (CVE-2022-26134) affecting Confluence Server and Data Center products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known...

CVSS 7.5, AI score 2.8, EPSS 0.99999
Exploited in the wild; Exploits 75, References 1
Code423n4
added 2022/05/29 12:00 a.m., 9 views

Attacker can block LayerZero channel

Lines of code / Vulnerability details / Impact: According to the LayerZero docs, the default behavior is that when a transaction on the destination application fails, the channel between the src and dst app is blocked. Before any new transactions can be executed, the failed transaction has to be retri...

AI score 6.8
Exploits 0
Prion
added 2022/05/20 12:15 p.m., 13 views

Authorization

In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1,...

CVSS 3.5, AI score 6.6, EPSS 0.01124
Exploits 1, References 2, Affected Software 3
Cvelist
added 2022/05/20 11:29 a.m., 13 views

CVE-2022-31215

In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1,...

AI score 6.8, EPSS 0.01124
Exploits 1, References 2
Kitploit
added 2022/05/14 9:30 p.m., 193 views

NodeSecurityShield - A Developer And Security Engineer Friendly Package For Securing NodeJS Applications

A Developer and Security Engineer friendly package for Securing NodeJS Applications. Inspired by the Log4j vulnerability (CVE-2021-44228), which can be exploited because an application can make arbitrary network calls. We felt there is a need for an application to declare what privileges it can hav...

CVSS 10, AI score 10, EPSS 0.99999
Exploits 345, References 5
Prion
added 2022/05/06 6:15 p.m., 18 views

Cross-site request forgery (CSRF)

There is a security vulnerability in the login form related to Cross-Site Request Forgery which prevents users from logging in after an attacker spams login attempts and the system blocks the victim's account...

CVSS 4.3, AI score 6.5, EPSS 0.0033
Exploits 0, References 1, Affected Software 1
Cvelist
added 2022/05/06 6:10 p.m., 15 views

CVE-2021-27758

There is a security vulnerability in the login form related to Cross-Site Request Forgery which prevents users from logging in after an attacker spams login attempts and the system blocks the victim's account...

CVSS 4.3, AI score 6.7, EPSS 0.0033
Exploits 0, References 1
OSV
added 2022/05/02 3:12 a.m., 32 views

GHSA-5CW4-GGX9-36VG Apache Tomcat Denial of Service via Malformed Request Headers

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of...

CVSS 5, AI score 4.7, EPSS 0.10053
Exploits 1, References 45
RedHat Linux
added 2022/04/26 10:22 p.m., 329 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.8, AI score 6.9, EPSS 0.02633
Exploits 6, References 3
AlmaLinux
added 2022/04/26 1:49 p.m., 58 views

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in RDMA listen (CVE-2021-4028); kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636). For more details about the security issues, including the impact, a CVSS score...

CVSS 7.8, AI score 7.9, EPSS 0.02633
Exploits 6, References 2