USN-7057-2: WEBrick vulnerability

USN-7057-1 fixed a vulnerability in WEBrick. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that WEBrick incorrectly handled having both a Content- Length header and a Transfer-Encoding header. A remote attacker could possibly use...

CVE-2024-9622 Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

Security Bulletin: Multiple Vulnerabilities in Rational Synergy

Summary Vulnerabilities in Eclipse Jetty shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a...

Ubuntu: Security Advisory (USN-7057-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Discourse 安全漏洞

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse has a security vulnerability. An attacker could issue multiple XHR requests until the cache was polluted by a response without any...

RESTEasy 环境问题漏洞

RESTEasy is a JBoss.org project open sourced by RESTEasy. It is designed to provide a productivity framework for developing client-side and server-side RESTful applications and services in Java. An environmental issue vulnerability exists in RESTEasy that stems from the improper handling of HTTP...

PT-2024-7091 · Tp Link · Tp-Link Tl-Wdr7660

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WDR7660 version 1.0 Description: The issue is related to the wlanTimerRuleJsonToBin function, which handles input data without proper size validation, potentially leading to a stack overflow. This can be exploited by a remote...

USN-7057-1: WEBrick vulnerability

It was discovered that WEBrick incorrectly handled having both a Content- Length header and a Transfer-Encoding header. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack...

PT-2024-7028 · Unknown +2 · Resteasy-Netty4 +2

Name of the Vulnerable Software and Affected Versions: resteasy-netty4 library affected versions not specified Description: A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an...

Ubuntu 24.04 LTS : WEBrick vulnerability (USN-7057-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7057-1 advisory. It was discovered that WEBrick incorrectly handled having both a Content- Length header and a Transfer- Encoding header. A remote attacker could possibly use this...

CVE-2024-47854

An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user...

CVE-2024-47854

An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user...

CVE-2024-47854

An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user...

CVE-2024-47854

CVE-2024-47854 describes a reflected XSS vulnerability in Veritas Data Insight before 7.1. The issue allows a remote attacker to inject arbitrary web script into an HTTP request, which could be reflected to an authenticated user if executed, due to insufficient sanitization. Affected software: Ve...

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma allows attackers to execute arbitrary code.

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma is related to improper handling of HTTP requests. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2024-41922

A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVE-2024-41163

A directory traversal vulnerability exists in the archive functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVE-2024-41163

A directory traversal vulnerability exists in the archive functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVE-2024-41163

CVE-2024-41163 affects Veertu Anka Build 1.42.0. A directory traversal flaw resides in the archive functionality, exploitable via unauthenticated HTTP requests to the registry endpoints (for example, /api/v1/registry/log/archive or /log/archive), allowing disclosure of sensitive files. CVSSv3.1 b...

CVE-2024-41922

A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...