16590 matches found

AlmaLinux
added 2024/03/25 12:0 a.m. | 52 views

Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: code injection and privilege escalation through Linux capabilities CVE-2024-21892 nodejs: reading unprocessed HTTP request with unbounded...

7.8 CVSS | 8 AI score | 0.03168 EPSS
Exploits: 0 | References: 8

Tenable Nessus
added 2024/03/22 12:0 a.m. | 48 views

Oracle Linux 8 : nodejs:16 (ELSA-2024-1444)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1444 advisory. - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 nodejs-nodemon nodejs-packaging Tenable h...

7.5 CVSS | 7.2 AI score | 0.99999 EPSS
Exploits: 19 | References: 3

CNNVD
added 2024/03/21 12:0 a.m. | 4 views

TOMP Bare Server security vulnerability

TOMP Bare Server is an open source library from Tomp Web Proxies. A security vulnerability exists in TOMP Bare Server versions prior to 2.0.2, which stems from improper handling of HTTP requests by the omphttp/bare-server-node package...

9.8 CVSS | 9 AI score | 0.00823 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/03/21 12:0 a.m. | 29 views

EulerOS Virtualization 2.11.1 : python-urllib3 (EulerOS-SA-2024-1407)

According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide...

8.1 CVSS | 6.9 AI score | 0.01207 EPSS
Exploits: 0 | References: 3

Oracle Linux
added 2024/03/21 12:0 a.m. | 34 views

nodejs security update

1:16.20.2-4.0.1 - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019...

7.5 CVSS | 7.4 AI score | 0.03168 EPSS
Exploits: 0

Tenable Nessus
added 2024/03/21 12:0 a.m. | 32 views

EulerOS Virtualization 2.11.0 : python-urllib3 (EulerOS-SA-2024-1435)

According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide...

8.1 CVSS | 6.9 AI score | 0.01207 EPSS
Exploits: 0 | References: 3

Oracle Linux
added 2024/03/21 12:0 a.m. | 52 views

nodejs:16 security update

nodejs 1:16.20.2-4.0.1 - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 nodejs-nodemon nodejs-packaging 26-1 - nodejs.prov: find namespaced bundled dependencies - Apply https://src.fedoraproject.org/rpms/nodejs-packaging/c/e24e7df...

7.5 CVSS | 7.4 AI score | 0.99999 EPSS
Exploits: 19

RedHat Linux
added 2024/03/20 10:5 a.m. | 44 views

Important: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5 CVSS | 6.9 AI score | 0.03168 EPSS
Exploits: 0 | References: 2

AlmaLinux
added 2024/03/20 12:0 a.m. | 42 views

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 For more details about the security...

7.5 CVSS | 7.2 AI score | 0.03168 EPSS
Exploits: 0 | References: 4

AlmaLinux
added 2024/03/20 12:0 a.m. | 46 views

Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 nodejs: HTTP/2: Multiple HTTP/2 enabled...

7.5 CVSS | 7.3 AI score | 0.99999 EPSS
Exploits: 19 | References: 6

OSV
added 2024/03/20 12:0 a.m. | 27 views

ALSA-2024:1438 Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 For more details about the security...

7.5 CVSS | 7.6 AI score | 0.03168 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2024/03/20 12:0 a.m. | 75 views

Oracle Linux 9 : squid (ELSA-2024-1376)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-1376 advisory. - Resolves: RHEL-19555 - squid: denial of service in HTTP request parsing CVE-2023-50269 - Resolves: RHEL-28614 - squid: Denial of Service in HTTP...

8.6 CVSS | 6.9 AI score | 0.88864 EPSS
Exploits: 0 | References: 4

Oracle Linux
added 2024/03/20 12:0 a.m. | 45 views

squid security update

7:5.5-6.0.1.8 - Rebuild with release bump 7:5.5-6.8 - Resolves: RHEL-19555 - squid: denial of service in HTTP request parsing CVE-2023-50269 7:5.5-6.7 - Resolves: RHEL-28614 - squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 7:5.5-6.6 - Resolves: RHEL-26091 - squid: denial of...

8.6 CVSS | 6.9 AI score | 0.88864 EPSS
Exploits: 0

OSV
added 2024/03/20 12:0 a.m. | 52 views

ALSA-2024:1444 Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 nodejs: HTTP/2: Multiple HTTP/2 enabled...

7.5 CVSS | 8.7 AI score | 0.99999 EPSS
Exploits: 19 | References: 6

NVD
added 2024/03/19 10:15 p.m. | 26 views

CVE-2023-50811

An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many...

6.5 CVSS | 6.6 AI score | 0.00453 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2024/03/19 2:13 p.m. | 8 views

squid: denial of service in HTTP request parsing

A flaw was found in Squid, which is susceptible to a Denial of Service (DoS) due to an Uncontrolled Recursion bug, specifically targeting HTTP Request parsing. Exploiting this issue involves a remote client initiating a DoS attack by sending an oversized X-Forwarded-For header when the...

8.6 CVSS | 5.8 AI score | 0.57627 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2024/03/19 2:6 p.m. | 41 views

Important: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.6 CVSS | 6.8 AI score | 0.88864 EPSS
Exploits: 0 | References: 4

Friends Of PHP
added 2024/03/19 1:59 p.m. | 24 views

Deserialization Gadget chain in Symfony sfNamespacedParameterHolder

Summary: Symfony 1 has a gadget chain due to a dangerous unserialize in the sfNamespacedParameterHolder class that would enable an attacker to get remote code execution if a developer unserializes user input in his project. Details: This vulnerability presents no direct threat but is a vector that will...

9.8 CVSS | 9.9 AI score | 0.01534 EPSS
Exploits: 1 | Affected Software: 1

CVE
added 2024/03/19 12:0 a.m. | 55 views

CVE-2023-50811

SELESTA Visual Access Manager 4.38.6 is affected by CVE-2023-50811. The vulnerability allows an attacker to modify the POST parameter named “computer” that encodes the ID of a specific reception via HTTP POST interception. By iterating this parameter, an attacker can gain access to the applicatio...

6.5 CVSS | 6.9 AI score | 0.00453 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/03/19 12:0 a.m. | 43 views

RHEL 8 : squid:4 (RHSA-2024:1375)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1375 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: deni...

8.6 CVSS | 7.1 AI score | 0.88864 EPSS
Exploits: 0 | References: 8