Updated ruby-webrick packages fix security vulnerability

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. CVE-2024-47220...

SUSE: Security Advisory (SUSE-SU-2024:3939-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : ruby2.1 (SUSE-SU-2024:3939-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:3939-1 advisory. - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930 Tenable has extracted the preceding description block directly from the SUSE...

Security update for ruby2.1

This update for ruby2.1 fixes the following issues: CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command list...

SUSE-SU-2024:3939-1 Security update for ruby2.1

This update for ruby2.1 fixes the following issues: - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930...

CVE-2024-51504

CVE-2024-51504 affects ZooKeeper Admin Server via IPAuthenticationProvider. Default IP detection uses HTTP headers (X-Forwarded-For) and can be spoofed, leading to authentication bypass for IP-based auth. Admin commands like snapshot/restore may be exploited after bypass. Impact: potential inform...

Security Bulletin: IBM Sterling Control Center is affected by vulnerability in Apache Tomcat

Summary OSS Scan Vulnerability - Apache Tomcat 8.5.70 & Apache Tomcat 8.5.75 with multiple CVEs and affecting Sterling Control Center v6.2.1. Vulnerability Details CVEID:CVE-2021-42340 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket...

CVE-2024-20537

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker...

CVE-2024-20476

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...

CVE-2024-20476

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...

CVE-2024-20537 Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker...

CVE-2024-20476 Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...

CVE-2024-20476 Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...

CVE-2024-20476

CVE-2024-20476 affects Cisco Identity Services Engine (ISE) in its web-based management interface. The issue stems from lack of server-side validation of Administrator permissions, allowing an authenticated, remote attacker to bypass file-management authorization. An attacker could exploit this b...

[SECURITY] [DLA 3947-1] puma security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3947-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA November 06, 2024 https://wiki.debian.org/LTS -...

RHEL 7 : xerces-c (RHSA-2024:8795)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8795 advisory. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and writ...

RHEL 6 / 7 : rh-nginx110-nginx (RHSA-2017:2538)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2538 advisory. Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance an...

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence AI framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an...

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...