Inproper Authorization

Ant Media Server Community Edition is vulnerable to Improper Authorization. The vulnerability is due to improper HTTP header based authorization which allows unauthorized users to potentially access non-administrative API calls reserved for authorized users...

CVE-2024-31484

A vulnerability has been identified in CPC80 Central Processing/Communication All versions V16.41, CPCI85 Central Processing/Communication All versions V5.30, CPCX26 Central Processing/Communication All versions V06.02, ETA4 Ethernet Interface IEC60870-5-104 All versions V10.46, ETA5 Ethernet Int...

CVE-2024-3462

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...

CVE-2024-31484

A vulnerability has been identified in CPC80 Central Processing/Communication All versions V16.41, CPCI85 Central Processing/Communication All versions V5.30, CPCX26 Central Processing/Communication All versions V06.02, ETA4 Ethernet Interface IEC60870-5-104 All versions V10.46, ETA5 Ethernet Int...

CVE-2024-31484

CVE-2024-31484 affects Siemens SICAM family: CPC80, CPCI85, CPCX26, ETA4, ETA5, PCCX26 (various versions prior to the listed fixed releases). Root cause is improper null termination when parsing a specific HTTP header, enabling code execution in the current process or a denial-of-service conditio...

PT-2024-3703 · Pccx26 +5 · Pccx26 +5

Name of the Vulnerable Software and Affected Versions: CPC80 Central Processing/Communication versions prior to V16.41 CPCI85 Central Processing/Communication versions prior to V5.30 CPCX26 Central Processing/Communication versions prior to V06.02 ETA4 Ethernet Interface IEC60870-5-104 versions...

CVE-2024-3462 Authorization bypass in Ant Media Server

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...

CVE-2024-3462 Authorization bypass in Ant Media Server

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...

CVE-2024-3462

Ant Media Server Community Edition is vulnerable to improper HTTP header based authorization, allowing unauthorized users to access non-administrative API calls reserved for authorized users. Affected versions are prior to 2.9.0 (tested); vendor status on a patch is not confirmed. Multiple source...

RHEL 7 : xmlrpc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD CVE-2016-5002 - xmlrpc: Deserialization ...

RHEL 8 : squid:4 (RHSA-2024:2777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2777 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: denial of...

GHSA-F3H7-GPJJ-WCVH Spin applications with specific configuration vulnerable to potential network sandbox escape

Impact Some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header. If an application's manifest contains a component with configuration such as toml allowedoutboundhosts =...

CVE-2024-32980 Spin contains a potential network sandbox escape for specifically configured Spin applications

Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header...

UBUNTU-CVE-2024-27982

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

Node.js 安全漏洞

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js, which stems from an incorrectly formatted header in the http server that could lead to a smuggled HTTP request...

SUSE: Security Advisory (SUSE-SU-2024:1114-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Tinyproxy HTTP Header Handling Memory Misreference Vulnerability

Tinyproxy is a lightweight HTTP/HTTPS proxy server that is primarily used to forward HTTP requests across a computer network. A memory misreference vulnerability exists in Tinyproxy HTTP header handling, which is caused by post-release usage in HTTP connection header parsing. An attacker could...

ALPINE-CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make ...

CVE-2023-49606

CVE-2023-49606 is a use-after-free in Tinyproxy’s HTTP Connection Headers parsing (affecting 1.11.1 and 1.10.0). A specially crafted, unauthenticated HTTP request can trigger reuse of freed memory, causing memory corruption and potentially remote code execution. Public advisories confirm fixes in...

Important: mod_http2

Issue Overview: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. CVE-2024-27316 Affected Packages: modhttp2 Note: This advisory is...