Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
ALSA-2024:1134 Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
CVE-2022-43890
IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453...
Information disclosure
IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453...
CVE-2022-43890 IBM Security Verify Privilege On-Premises information disclosure
IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453...
CVE-2022-43890
CVE-2022-43890 affects IBM Security Verify Privilege On-Premises (IBM Security Verify Privilege On-Premises 11.5 and earlier). Root cause: inadequate protection of sensitive information, leading to information disclosure via an HTTP request and potential use to support further attacks. Impact: ex...
TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution Exploit
TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution Vendor: AAF Digital HD Forum | Atelmo GmbH Product web page: http://www.aaf-digital.info | https://www.atemio.de Affected version: Firmware =2.01 Summary: The Atemio AM 520 HD Full HD...
Boss Mini 1.4.0 - local file inclusion Exploit
Exploit Title: Boss Mini 1.4.0 - local file inclusion Exploit Author: nltt0 https://github.com/nltt-br CVE: CVE-2023-3643 from requests import post from...
openSUSE Security Advisory (SUSE-SU-2024:0208-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for squid (SUSE-SU-2023:4544-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:3957-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for nodejs12 (SUSE-SU-2023:3455-1)
The remote host is missing an update for the...
Uncontrolled Resource Consumption
Mattermost is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to the failure in limiting the number of role names that can be requested from the API. An attacker can cause the server to run out of memory and crash by issuing an unusually large HTTP request...
PT-2024-2026 · Ibm · Ibm Watson Cp4D Data Stores
Name of the Vulnerable Software and Affected Versions: IBM Watson CP4D Data Stores versions 4.6.0 through 4.6.2 Description: The issue is related to errors in handling HTTP requests and improper input validation, which could allow a remote attacker to impact data integrity. An attacker with...
CVE-2024-1624 OS Command Injection vulnerability affecting documentation server on certain Releases of 3DEXPERIENCE, SIMULIA Abaqus, SIMULIA Isight and CATIA Composer
An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release...
GHSA-VM9M-57JR-4PXH Mattermost fails to limit the number of role names
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request...
SUSE-SU-2024:0730-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to 18.19.1 (security updates): CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (bsc#1219992). CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks...
CVE-2024-1953
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request...
Cross site request forgery (csrf)
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request...