Cross site request forgery (csrf)

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request...

CVE-2024-1953

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request...

Authentication Bypass

flaskappbuilder is vulnerable to Authentication Bypass. The vulnerability is due to the manipulation of authentication requests to deceive the backend into utilizing any specified OpenID service, which allows an attacker to forge an HTTP request to gain unauthorized privileged access. Note that...

Design/Logic Flaw

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTHTYPE AUTHOID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...

CentOS 9 : haproxy-2.4.7-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the haproxy-2.4.7-1.el9 build changelog. - An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and pat...

CentOS 9 : mod_http2-1.15.19-5.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the modhttp2-1.15.19-5.el9 build changelog. - HTTP request splitting with modrewrite and modproxy CVE-2023-25690 Note that Nessus has not tested for this issue but has instead relied only o...

CentOS 9 : toolbox-0.0.99.3-7.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the toolbox-0.0.99.3-7.el9 build changelog. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP...

CentOS 9 : nodejs-16.16.0-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.16.0-1.el9 build changelog. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs...

CentOS 9 : nodejs-16.20.1-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.20.1-1.el9 build changelog. - The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json...

Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities

The version of Siemens SINEC NMS installed on the remote host is prior to 2.0.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA-943925 advisory. - coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers...

GHSA-22F2-V57C-J9CX Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary ruby module Rack class MediaType SPLITPATTERN = %r\s;,\s The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby request"Content-Type" = " "...

Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID

Impact When Flask-AppBuilder is set to AUTHTYPE AUTHOID, allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the...

CVE-2024-25128

Flask-AppBuilder (FAB) is affected when AUTH_TYPE is set to AUTH_OID. The vulnerability allows forging an HTTP request to trick the backend into using an attacker-controlled OpenID service, potentially granting unauthorized privilege access. The issue is exploitable with OpenID 2.0 and is mitigat...

CVE-2024-25128 Flask-AppBuilder incorrect authentication when using auth type OpenID

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTHTYPE AUTHOID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...

CVE-2024-25128

Removed by vendor...

Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID

Impact When Flask-AppBuilder is set to AUTHTYPE AUTHOID, allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the...

CVE-2024-25400

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not...

MikroTik RouterOs Out-of-bounds Write (CVE-2023-30800)

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed ...

CVE-2024-23839

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.requestheader or http.responseheader keyword. The vulnerability has been...

CVE-2024-0439

As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request...