
16589 matches found

CVE
added 2024/09/08 11:58 a.m. · 55 views

CVE-2024-42342

Loway QueueMetrics is affected by an HTTP request/response smuggling vulnerability (CWE-444). The linked documents identify the issue in QueueMetrics and cite version 22.11.6 as affected, describing it as an environmental issue vulnerability. No explicit fix/version is provided across the connect...

4.3 CVSS · 4.7 AI score · 0.00264 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/09/06 8:43 p.m. · 20 views

GO-2024-3118 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill...

6.3 CVSS · 4.2 AI score · 0.00541 EPSS
Exploits 0 · References 6

OSV
added 2024/09/06 4:15 p.m. · 19 views

CVE-2024-8517

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...

9.8 CVSS · 8 AI score
Exploits 0 · References 4

Debian CVE
added 2024/09/06 3:55 p.m. · 18 views

CVE-2024-8517

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...

9.8 CVSS · 9 AI score · 0.94618 EPSS
Exploits 7

IBM Security Bulletins
added 2024/09/06 8:22 a.m. · 40 views

Security Bulletin: Multiple vulnerabilities in Netty affect Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis

Summary: There are vulnerabilities in various versions of Netty that affect Apache Solr, Apache Zookeeper and Logstash. The vulnerabilities are in Vulnerability Details section. Vulnerability Details: CVEID: CVE-2019-20444. DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw i...

9.1 CVSS · 8.3 AI score · 0.24822 EPSS
Exploits 5 · Affected Software 1

IBM Security Bulletins
added 2024/09/05 6:50 p.m. · 36 views

Security Bulletin: Vulnerability in Go affects watsonx.data

Summary: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. This could affect watsonx.data. Vulnerability Details: CVEID: CVE-2022-41721. DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. By sendin...

7.5 CVSS · 7.2 AI score · 0.01814 EPSS
Exploits 1 · Affected Software 1

OSV
added 2024/09/05 3:33 p.m. · 12 views

GHSA-G6Q4-W3J3-JFC4 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

6.3 CVSS · 4.2 AI score · 0.00541 EPSS
Exploits 0 · References 8

Github Security Blog
added 2024/09/05 3:33 p.m. · 29 views

Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

6.3 CVSS · 7.1 AI score · 0.00541 EPSS
Exploits 0 · References 8 · Affected Software 1

NVD
added 2024/09/05 1:15 p.m. · 24 views

CVE-2024-8462

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

6.3 CVSS · 0.00541 EPSS
Exploits 0 · References 5

CVE
added 2024/09/05 1:00 p.m. · 89 views

CVE-2024-8462

Windmill 1.380.0 is affected by CVE-2024-8462 in the HTTP Request Handler (backend/windmill-api/src/users.rs), leading to improper restriction of excessive authentication attempts. The vulnerability is exploitable remotely with high attack complexity and low reported impact; upgrading to version ...

6.3 CVSS · 4.2 AI score · 0.00541 EPSS
Exploits 0 · References 5

Cvelist
added 2024/09/05 1:00 p.m. · 30 views

CVE-2024-8462 Windmill HTTP Request users.rs excessive authentication

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

6.3 CVSS · 0.00541 EPSS
Exploits 0 · References 5

Vulnrichment
added 2024/09/05 1:00 p.m. · 25 views

CVE-2024-8462 Windmill HTTP Request users.rs excessive authentication

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

6.3 CVSS · 7.2 AI score · 0.00541 EPSS
Exploits 0 · References 5

Veracode
added 2024/09/05 5:11 a.m. · 9 views

HTTP Request/Response Smuggling

com.typesafe.akka:akka-http-core is vulnerable to HTTP Request/Response Smuggling. The vulnerability is due to accepting malformed messages and handing them over to the user application, which may proxy them to another server without inspection, allowing unintended HTTP requests to reach downstre...

6.5 CVSS · 6.6 AI score · 0.00705 EPSS
Exploits 0 · References 7 · Affected Software 4

Tenable Nessus
added 2024/09/05 12:00 a.m. · 57 views

Rejetto HTTP File Server 2.x <= 2.3m RCE (CVE-2024-23692)

The version of Rejetto HTTP File Server installed on the remote host is 2.x up to 2.3m. It is, therefore, affected by a vulnerability: - Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote,...

9.8 CVSS · 9 AI score · 0.99485 EPSS
Exploits 20 · References 2

Positive Technologies
added 2024/09/05 12:00 a.m. · 4 views

PT-2024-39029 · Windmill · Windmill

Name of the Vulnerable Software and Affected Versions: Windmill version 1.380.0. Description: A vulnerability exists in the HTTP Request Handler component, affecting an unknown function of the file backend/windmill-api/src/users.rs. This issue leads to improper restriction of excessive...

6.3 CVSS · 4.8 AI score · 0.00541 EPSS
Exploits 0 · References 14

OSV
added 2024/09/04 6:07 p.m. · 16 views

GHSA-C34R-238X-F7QX Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Summary: The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or...

9.1 CVSS · 9.2 AI score · 0.01342 EPSS
Exploits 1 · References 4

Github Security Blog
added 2024/09/04 6:07 p.m. · 20 views

Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Summary: The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or...

9.1 CVSS · 9 AI score · 0.01342 EPSS
Exploits 1 · References 4 · Affected Software 1

NVD
added 2024/09/04 5:15 p.m. · 24 views

CVE-2024-20440

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...

7.5 CVSS · 0.51466 EPSS
Exploits 0 · References 1

Cvelist
added 2024/09/04 4:28 p.m. · 29 views

CVE-2024-20440

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...

7.5 CVSS · 0.51466 EPSS
Exploits 0 · References 1

CVE
added 2024/09/04 4:28 p.m. · 122 views

CVE-2024-20440

CVE-2024-20440 affects Cisco Smart Licensing Utility (CSLU). An unauthenticated, remote attacker can access sensitive information due to excessive verbosity in a debug log file. Exploitation involves sending a crafted HTTP request to an affected device, potentially exposing log files containing c...

7.5 CVSS · 7.5 AI score · 0.51466 EPSS
In wild · Exploits 0 · References 1 · Affected Software 1