2482 matches found
Log4Shell HTTP Scanner
Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP end point for the Log4Shell vulnerability by injectin...
OPENSUSE-SU-2021:4104-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc bsc1183374. - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server bsc1189241. - CVE-2021-3737: Fixed ReDoS in urllib.request...
SUSE-SU-2021:4104-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc bsc1183374. - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server bsc1189241. - CVE-2021-3737: Fixed ReDoS in urllib.request...
Security update for python3 (moderate)
openSUSE Security Update: Security update for python3 Announcement ID: openSUSE-SU-2021:4104-1 Rating: moderate References: 1180125 1183374 1183858 1185588 1187668 1189241 1189287 Cross-References: CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVSS scores: CVE-2021-3426 NVD : 5.7...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 A Zeek package which raises notices, tags HTTP...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Northwave Log4j CVE-2021-44228 checker Friday 10 December 202...
Bosch 多款产品跨站脚本漏洞
Bosch Access Professional Edition is an enterprise access control and security management solution.BOSCH VRM is an application software.Bosch BVMS is an application system. BOSCH VRM is an application software.Bosch BVMS is an application system.Bosch Access Easy Controller Bosch Aec is an...
Cross-site Scripting (XSS) - Reflected in emoncms/emoncms
Description EmonCMS 10.9.19 has 2 reflected XSS vulnerabilities: 1 - one that is executed when a user tries to generate a new app whose name contains javascript code. The vulnerability leverages the default option of displayerrors within the processsettings.php file which produce unsanitized erro...
GHSA-Q3J3-W37X-HQ2Q Webcache Poisoning in symfony/http-kernel
Description ----------- When a Symfony application is running behind a proxy or a load-balancer, you can tell Symfony to look for the X-Forwarded- HTTP headers. HTTP headers that are not part of the "trustedheaders" allowed list are ignored and protect you from "Cache poisoning" attacks. In Symfo...
Webcache Poisoning in symfony/http-kernel
Description ----------- When a Symfony application is running behind a proxy or a load-balancer, you can tell Symfony to look for the X-Forwarded- HTTP headers. HTTP headers that are not part of the "trustedheaders" allowed list are ignored and protect you from "Cache poisoning" attacks. In Symfo...
CVE-2021-20844
CVE-2021-20844 affects Yamaha routers (RTX830, NVR510, NVR700W, RTX1210) via improper neutralization of HTTP request headers in the Web GUI, allowing a remote authenticated attacker to obtain sensitive information through a crafted page. Affected firmware versions are RTX830 <=15.02.17, NVR510...
CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request
Description When a Symfony application is running behind a proxy or a load-balancer, you can tell Symfony to look for the X-Forwarded- HTTP headers. HTTP headers that are not part of the "trustedheaders" allowed list are ignored and protect you from "Cache poisoning" attacks. In Symfony 5.2, we'v...
CVE-2021-42697
CVE-2021-42697 affects Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7, where parsing HTTP headers can stack-exhaust and enable a remote DoS via a User-Agent header containing deeply nested comments. Root cause: stack overflow during header parsing. Public advisories (GHSA/OSV) and explo...
[SECURITY] Fedora 35 Update: haproxy-2.4.4-1.fc35
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
Python < 3.5.10, 3.6.x < 3.6.12, 3.7.x < 3.7.9, 3.8.x < 3.8.5 Python Issue (bpo-39603) - Mac OS X
http.client in Python is prone to CRLF injection. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...
Python < 3.5.10, 3.6.x < 3.6.12, 3.7.x < 3.7.9, 3.8.x < 3.8.5 Python Issue (bpo-39603) - Windows
http.client in Python is prone to CRLF injection. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...
CVE-2018-19957
A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS...
ROS-2-1168
2.1168 Vulnerability in Curl CVE-2020-8177 1. Vulnerability Description: The vulnerability allows a local file on the system to be overwritten when accessing an attacker-controlled server. The problem only occurs when the "-J" "--remote-header-name" and "-i" "--head" options are used...
ROS-2-798
2.798 Vulnerability in Curl CVE-2020-8177 1. Vulnerability Description: The vulnerability allows a local file on the system to be overwritten when accessing an attacker-controlled server. The problem only occurs when the "-J" "--remote-header-name" and "-i" "--head" options are used...
[SECURITY] Fedora 33 Update: haproxy-2.2.16-1.fc33
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...