16592 matches found

OSV
added 2023/10/31 2:15 a.m. · 4 views

CVE-2023-45899

An issue in the component SuperUserSetuserModuleFrontController:init of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call...

CVSS 7.5 · AI score 5.8 · EPSS 0.00821
Exploits: 1 · References: 1

RedhatCVE
added 2023/10/29 2:55 p.m. · 45 views

CVE-2023-45803

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when following an HTTP redirect response with status 301, 302, or 303 after changing the request method from one that could accept a request body, such as POST, to GET, as is required by HTTP...

CVSS 4.2 · AI score 6.1 · EPSS 0.00544
Exploits: 0 · References: 6

RedhatCVE
added 2023/10/27 9:27 a.m. · 44 views

CVE-2023-46848

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input...

CVSS 8.6 · AI score 6.6 · EPSS 0.10221
Exploits: 0 · References: 4

RedhatCVE
added 2023/10/27 8:57 a.m. · 90 views

CVE-2023-46846

Squid is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform request/response smuggling past firewall and frontend security systems...

CVSS 9.3 · AI score 6.6 · EPSS 0.05255
Exploits: 0 · References: 4

Positive Technologies
added 2023/10/27 12:0 a.m. · 3 views

PT-2023-7069 · Memcached +5

Name of the Vulnerable Software and Affected Versions: memcached versions prior to 1.6.22
Description: The issue is related to a buffer overflow in the proxy run coroutine function in memcached, which can be exploited by a remote attacker using a specially crafted HTTP request. This can lead to a...

CVSS 9.8 · AI score 8.8 · EPSS 0.00778
Exploits: 1 · References: 36

F5 Networks
added 2023/10/26 6:53 p.m. · 17 views

K000137322: BIG-IP iRule or LTM policy may generate multiple HTTP redirect responses

Security Advisory Description: A specifically crafted HTTP request may lead the BIG-IP system to generate multiple HTTP redirect responses. This issue occurs when all of the following conditions are met: A virtual server has one or more of the following configurations: An iRule with an...

AI score 5.6
Exploits: 0 · Affected Software: 20

Amazon
added 2023/10/26 12:0 a.m. · 44 views

Critical: squid

Issue Overview: An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer...

CVSS 9.8 · AI score 7.4 · EPSS 0.85944
Exploits: 0

IBM Security Bulletins
added 2023/10/25 8:7 p.m. · 36 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for October 2023

Summary: In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.14.2 IF001.
Vulnerability Details: CVEID: CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...

CVSS 7.5 · AI score 8.8 · EPSS 0.05972
Exploits: 4 · Affected Software: 1

Veracode
added 2023/10/24 6:26 a.m. · 13 views

Path Traversal

coderedcms is vulnerable to Path Traversal. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Wagtail CRX CodeRed Extensions server. The request would contain a specially crafted path that would cause the server to serve the attacker a file...

CVSS 6.5 · AI score 6.9 · EPSS 0.0071
Exploits: 1 · References: 5 · Affected Software: 1

Veracode
added 2023/10/23 3:45 a.m. · 20 views

Authentication Bypass

homeassistant is vulnerable to Authentication Bypass. The vulnerability is caused by an attacker triggering a webhook that is marked as only accessible from the local network, even when the attacker is not connected to the local network. The attacker could exploit this vulnerability by sending a...

CVSS 5.3 · AI score 7.1 · EPSS 0.00423
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2023/10/20 10:15 a.m. · 13 views

CVE-2023-44256

A server-side request forgery vulnerability (CWE-918) in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal...

CVSS 6.5 · AI score 6.4 · EPSS 0.01221
Exploits: 1 · References: 2

Prion
added 2023/10/20 10:15 a.m. · 22 views

Server-side request forgery (SSRF)

A server-side request forgery vulnerability (CWE-918) in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal...

CVSS 4 · AI score 6.4 · EPSS 0.01221
Exploits: 1 · References: 2 · Affected Software: 2

Cvelist
added 2023/10/20 9:4 a.m. · 18 views

CVE-2023-44256

A server-side request forgery vulnerability (CWE-918) in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal...

CVSS 6.5 · AI score 6.6 · EPSS 0.01221
Exploits: 1 · References: 2

Vulnrichment
added 2023/10/20 9:4 a.m. · 12 views

CVE-2023-44256

A server-side request forgery vulnerability (CWE-918) in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal...

CVSS 6.5 · AI score 6.8 · EPSS 0.01221
Exploits: 1 · References: 2

Veracode
added 2023/10/20 6:12 a.m. · 12 views

Information Disclosure

bunkum is vulnerable to Information Disclosure. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Bunkum application. This request would cause the application to release a token from its cache, and then immediately reuse the token. The attack...

CVSS 5.3 · AI score 6.8 · EPSS 0.00449
Exploits: 0 · References: 3 · Affected Software: 1

Veracode
added 2023/10/20 5:50 a.m. · 17 views

Denial Of Service (DoS)

torbot is vulnerable to Denial of Service (DoS). An attacker is able to cause a denial-of-service (DoS) condition on a vulnerable system by exploiting a regular expression that has exponential complexity, by tricking a user into opening a malicious link or by sending a specially crafted HTTP request...

CVSS 7.5 · AI score 6.7 · EPSS 0.00797
Exploits: 1 · References: 5 · Affected Software: 1

IBM Security Bulletins
added 2023/10/19 4:10 p.m. · 42 views

Security Bulletin: IBM Rational Build Forge is vulnerable to HTTP request smuggling due to the use of Apache HTTP server (CVE-2022-26377).

Summary: Apache HTTP server is used by IBM Rational Build Forge. This fix includes Apache Http Server 2.4.54.
Vulnerability Details: CVEID: CVE-2022-26377 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of HTTP Requests vulnerability i...

CVSS 7.5 · AI score 8.5 · EPSS 0.19008
Exploits: 1 · Affected Software: 1

Veracode
added 2023/10/19 4:10 a.m. · 30 views

Use After Free

vim is vulnerable to Use After Free. An attacker could exploit this vulnerability by tricking a user into opening a malicious URL or by sending a specially crafted HTTP request to a vulnerable web server. The request would contain a specially crafted curl command that would cause the curl library...

CVSS 7.8 · AI score 8.1 · EPSS 0.00539
Exploits: 1 · References: 6 · Affected Software: 1

CNNVD
added 2023/10/19 12:0 a.m. · 2 views

Squid security vulnerability

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in versions prior to Squid 6.4, which stems from improper handling of the chunking...

CVSS 9.3 · AI score 6.7 · EPSS 0.05255
Exploits: 0 · References: 13

NVD
added 2023/10/18 10:15 p.m. · 46 views

CVE-2023-43801

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

CVSS 7.1 · AI score 6.4 · EPSS 0.00326
Exploits: 0 · References: 3