378 matches found
python-aiohttp: http request smuggling
An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of...
PT-2024-5350 · Jq
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.10.8; Argo CD versions prior to 2.9.13; Argo CD versions prior to 2.8.17. Description: The issue is related to a Denial of Service (DoS) vulnerability via Out of Memory (OOM) using jq in ignoreDifferences. This...
Interpretation Differences
net/mail in Go is vulnerable to Interpretation Differences. The vulnerability is due to the ParseAddressList function incorrectly handling comment text within parentheses inside display names. The parser handles display names differently from conforming address parsers, which could result in...
UBUNTU-CVE-2021-47119
In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_fill_super. Buffer head references must be released before calling kill_bdev(); otherwise the buffer head (and its page referenced by b_data) will not be freed by kill_bdev(), and subsequently that bh will be...
GHSA-494H-9924-XWW9 Pterodactyl Wings vulnerable to improper isolation of server file access
Impact: This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is not exactly known, but reading files outside of a server's base directory sandbox root is...
vantage6 vulnerable to a username timing attack on recover password/MFA token
Impact: Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users who have lost their password or MFA token. Usernames can be...
Exploring the Differences Between Residential Proxies and VPNs: Which is Right for You?
By Uzair Amir VPN or Residential Proxies: Which is best? Let's explore without diving into technical details. This is a post from HackRead.com Read the original post: Exploring the Differences Between Residential Proxies and VPNs: Which is Right for You?...
CVE-2023-50306
IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337...
Dell BSAFE Micro Edition Suite Security Vulnerability
The Dell BSAFE Micro Edition Suite is a Dell development toolkit that provides encryption, certificate and transport layer security for C/C++ applications, devices and systems. An information disclosure vulnerability exists in Dell BSAFE Micro Edition Suite versions prior to 4.5.2, which can be...
User Enumeration
vantage6 is vulnerable to User Enumeration. The vulnerability is due to observable differences in response timing between valid and invalid usernames within login requests. This issue can be exploited by an attacker to enumerate valid usernames...
gnutls: timing side-channel in the RSA-PSK authentication
A vulnerability was found where the response times to malformed ciphertexts in the RSA-PSK ClientKeyExchange differ from the response times for ciphertexts with correct PKCS#1 v1.5 padding...
VulnCheck KEV: CVE-2017-12635
Due to differences between the Erlang-based JSON parser and the JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role,...
Rocky Linux 8 : nss and nspr (RLSA-2020:3280)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities, as referenced in the RLSA-2020:3280 advisory. - Improper refcounting of soft token session objects could cause a use-after-free and crash, likely limited to a denial of service. This vulnerability...
Azure vs. AWS Developer Tools Guide
Azure vs. AWS — which should you use for your DevOps environment? Discover the differences, similarities, and use cases to make an informed decision...
Tadiran Telecom Aeonix Security Vulnerability
Tadiran Telecom Aeonix is a purely software-based Unified Communications and Collaboration (UC&C) solution from Tadiran Telecom, Israel. A security vulnerability exists in Tadiran Telecom Aeonix that stems from a false comparison vulnerability, which allows an attacker to conduct an...
Intrusion Detection & Prevention Systems Guide
IDPS, IDS, IPS… what’s the difference? Discover key differences between intrusion detection and prevention systems as well as 9 technical and non-technical questions to ask when evaluating vendors...
Overcoming Challenges in Delivering Machine Learning Models from Research to Production
So, you’ve finished your research. You developed a machine learning (ML) model, tested and validated it, and you’re now ready to start development and then push the model to production. The hard work -- the research -- is finally behind you. Or is it? Understanding the Challenges in Machine Learni