GHSA-MQ73-G4QR-FGCQ Clickjacking in zenml

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...

OPENSUSE-SU-2024:0150-2 Security update for libhtp

This update for libhtp fixes the following issues: - CVE-2024-23837: excessive processing time of HTTP headers can lead to denial of service boo1220403...

RHEL 6 : curl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - curl: NTLM password overflow via integer overflow CVE-2018-14618 - The default configuration for cURL and...

RHEL 5 : gnutls (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gnutls: Heap read overflow in read-packet.c CVE-2017-5337 - The TLS protocol 1.2 and earlier, as used in...

RHEL 7 : curl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - curl: FTP wildcard out of bounds read CVE-2017-8817 - CRLF injection vulnerability in libcurl 6.0 through...

RHEL 6 : wget (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wget: Lack of filename checking allows arbitrary file upload via FTP redirect CVE-2016-4971 - wget: Cooki...

ROS-20240603-04

Vulnerability of modproxy module of Apache HTTP Server web server is related to failure to take measures to process CRLF sequences in HTTP headers. CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker, acting remotely to perform HTTP response splitting attacks...

RHEL 4 : nss (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nss: TOCTOU, potential use-after-free in libssl's session ticket processing MFSA 2014-12 CVE-2014-1490 -...

Headerpwn - A Fuzzer For Finding Anomalies And Analyzing How Servers Respond To Different HTTP Headers

Install To install headerpwn, run the following command: go install github.com/devanshbatham/[email protected] Usage headerpwn allows you to test various headers on a target URL and analyze the responses. Here's how to use the tool: 1. Provide the target URL using the -url flag. 2. Create a...

MinIO information disclosure vulnerability

Impact If-Modified-Since If-Unmodified-Since Headers when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information such as Last-Modified of the latest...

Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers

In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SSTRUSTEDPROXYIPS constant. Eve...

GHSA-87PF-7X99-5XC4 Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers

In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SSTRUSTEDPROXYIPS constant. Eve...

Apache Tomcat 8.5.0 < 8.5.58

The version of Tomcat installed on the remote host is prior to 8.5.58. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.58security-8 advisory. - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57...

Oracle Linux 9 : nodejs:20 (ELSA-2024-2853)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2853 advisory. - Backport nghttp2 patch for CVE-2024-28182 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

CVE-2024-31484

A vulnerability has been identified in CPC80 Central Processing/Communication All versions V16.41, CPCI85 Central Processing/Communication All versions V5.30, CPCX26 Central Processing/Communication All versions V06.02, ETA4 Ethernet Interface IEC60870-5-104 All versions V10.46, ETA5 Ethernet Int...

RHEL 7 : python-gunicorn (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-gunicorn: Improper neutralization of CRLF Sequences http/wsgi.py:processheaders can allow an attacker to cau...

Survey Maker < 4.1.0 - IP Address Spoofing

Description The Survey Maker – Best WordPress Survey Plugin plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 4.0.9 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it...

SUSE: Security Advisory (SUSE-SU-2024:1462-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make ...

PT-2024-3314 · Tinyproxy +2 · Tinyproxy +2

Name of the Vulnerable Software and Affected Versions: Tinyproxy versions 1.10.0 through 1.11.1 Description: A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy. This vulnerability can be triggered by a specially crafted HTTP header, leading to memory...