Amazon Linux AMI : squid (ALAS-2024-1933)
The version of squid installed on the remote host is prior to 3.5.20-17.55. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1933 advisory. Due to chunked decoder lenience, Squid is vulnerable to request/response smuggling attacks when parsing HTTP/1.1 and ICAP messages...
Fedora 40 : freeipa (2024-9fc8015fa9)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9fc8015fa9 advisory. Automatic update for freeipa-4.11.1-4.fc40. Changelog Wed Feb 21 2024 Rob Crittenden - 4.11.1-4 - Security release: CVE-2024-1481 - Resolves: rhbz2265129...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-gunicorn (SUSE-SU-2024:1440-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1440-1 advisory. - CVE-2024-1135: Fixed HTTP request smuggling (bsc#1222950). Tenable has extracted the preceding description...
RHEL 8 : Satellite 6.14.2 Async Security Update (Important) (RHSA-2024:0797)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0797 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
RHEL 7 : rh-nodejs8-nodejs (RHSA-2019:1821)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1821 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
openSUSE Security Advisory (SUSE-SU-2024:1440-1)
The remote host is missing an update referenced in the SUSE-SU-2024:1440-1 advisory...
Security Bulletin: IBM Datapower Operations Dashboard could allow HTTP request smuggling CVE-2023-46589
Summary: Apache Tomcat is used by the IBM Datapower Operations Dashboard in its server implementation. Vulnerability Details: CVEID: CVE-2023-46589 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By sending a specially craft...
CVE-2024-4195
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
CVE-2023-6116 Remote Code Execution without authentication using stack overflow
Team ENVY, a security research team, has found a flaw that allows remote code execution on the camera. An attacker could inject malicious code into HTTP request packets to execute arbitrary code. The manufacturer has released patched firmware for the flaw; please refer to the manufacturer's report...
CVE-2023-6116
Hanwha Vision NVR/DVR remote code execution (CVE-2023-6116) arises from a flaw that allows arbitrary code execution by injecting code into HTTP request parameters. The vulnerability affects Hanwha Vision network video recorders (NVRs) and digital video recorders (DVRs) where the base address of s...
Denial Of Service (DoS)
io.quarkus.resteasy.reactive:resteasy-reactive is vulnerable to Denial Of Service. The vulnerability is due to security checks for certain JAX-RS endpoints being performed after serialization, causing increased processing resources to be consumed during HTTP request checks. Attackers with knowled...
PT-2024-14884 · Camera · Camera
Name of the Vulnerable Software and Affected Versions: Camera affected versions not specified Description: A flaw has been discovered that allows for remote code execution on the camera. An attacker could inject malicious code into HTTP request packets to execute arbitrary code. The estimated...
Cisco Adaptive Security Appliance Software Web Services DoS Vulnerability (cisco-sa-asaftd-websrvs-dos-X8gNucD2)
According to its self-reported version, the remote Cisco ASA Software is affected by a denial of service (DoS) vulnerability due to incomplete error checking when parsing HTTP headers. An unauthenticated, remote attacker can exploit this issue, via a specially crafted HTTP request, to cause the syst...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an issue where a team administrator can demote a user to guest via an HTTP request. The vulnerability affects the following...
Quarkus: security checks in resteasy reactive may trigger a denial of service
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any...
CVE-2024-1726 Quarkus: security checks for some inherited endpoints performed after serialization in resteasy reactive may trigger a denial of service
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any...
CVE-2024-1726
Quarkus RESTEasy Reactive contains a denial-of-service vulnerability (CVE-2024-1726) where security checks for some inherited JAX-RS endpoints are performed after serialization, causing increased resource usage when an attacker knows POST/PUT/PATCH paths. This could lead to DoS as endpoints proce...
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400-pot Simple honeypot for CVE-2024-3400 Palo Alto...
Important: Red Hat Security Advisory: Satellite 6.15.0 release
An update is now available for Red Hat Satellite 6.15. The release contains a new version of Satellite and important security fixes for various components. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base scor...