[SECURITY] [DLA 3886-1] nodejs security update
Debian LTS Advisory DLA-3886-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès September 14, 2024 https://wiki.debian.org/LTS ...
Debian dla-3886 : libnode-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3886 advisory. Debian LTS Advisory DLA-3886-1 [email protected]...
RHSA-2021:0937 Red Hat Security Advisory: rubygem-em-http-request security update
Bulletin has no description...
CVE-2024-6840 Automation-controller: gain access to the k8s api server via job execution with container group
An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8s API server to send an HTTP request with a service account token mounted via automountServiceAccountToken: true, resulting in privilege escalation to a service account...
Security Bulletin: Potential denial of service vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2021-33813)
Summary: An XXE issue allows an attacker to cause a denial of service in Apache Solr. Vulnerability Details CVEID: CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploit thi...
Beckhoff TwinCAT/BSD Buffer Copy without Checking Size of Input (CVE-2024-41176)
The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user root via a crafted HTTP request. This plugin only works with Tenable.ot. Please visit...
VICIdial 2.14-917a Remote Code Execution Vulnerability
An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. Title: VICIdial Authenticated Remo...
CVE-2024-45597
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table...
CVE-2024-45597 Pluto's http.request allows CR and LF in header values
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table...
CVE-2023-44254
An authorization bypass through user-controlled key (CWE-639) vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request...
CVE-2024-21753
Fortinet FortiClientEMS is affected by a path traversal vulnerability (CVE-2024-21753) across multiple releases: 1.2.1–1.2.5, 6.0.0–6.0.8, 6.2.0–6.2.9, 6.4.0–6.4.9, 7.0.0–7.0.13, and 7.2.0–7.2.4. The issue stems from improper limitation of a pathname to a restricted directory, allowing a remote a...
CVE-2023-44254
CVE-2023-44254 describes an authorization bypass via a user-controlled key (CWE-639) in Fortinet FortiAnalyzer and FortiManager. Affected: FortiAnalyzer 7.4.1 and prior to 7.2.5; FortiManager 7.4.1 and prior to 7.2.5. Impact stated: remote attacker with low privileges could read sensitive data th...
Dairy Farm Shop Management System 1.2 SQL Injection / Code Execution
Title: Dairy Farm Shop Management System 1.2 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozill...
PT-2024-7641 · Python +2
Name of the Vulnerable Software and Affected Versions: pyload-ng version 0.5.0b3.dev85 (pyload running under Python 3.11 or below). Description: The issue is related to insufficient input validation in the pyload software, allowing a remote attacker to execute arbitrary code by sending a specially...
CVE-2024-42342
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')...
CVE-2024-42342 Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')...