16597 matches found
CVE-2023-44860
CVE-2023-44860 affects NETIS SYSTEMS N3Mv2 v1.0.1.865. A flaw in the authorization component of the HTTP request allows a remote attacker to cause a denial of service. Public details in connected sources confirm the DoS impact but do not provide exploit code or exact vectors beyond the HTTP-based...
Rocky Linux 8 : nodejs:18 (RLSA-2023:4536)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4536 advisory. - The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request...
SUSE-SU-2023:3975-1 Security update for python-gevent
This update for python-gevent fixes the following issues: - CVE-2023-41419: Fixed HTTP request smuggling bsc1215469...
Security Bulletin: IBM Security Verify Privilege On-Premise is affected by multiple security vulnerabilities
Summary: IBM Security Verify Privilege On-Premise has addressed several security issues. Please apply the fix as detailed below. Vulnerability Details: CVEID: CVE-2022-43891 DESCRIPTION: IBM Security Verify Privilege On-Premises could allow a remote attacker to obtain sensitive information when a...
Cisco Unified Communications Manager DoS (cisco-sa-cucm-apidos-PGsDcdNF)
According to its self-reported version, Cisco Unified Communications Manager running on the remote host is affected by a denial of service (DoS) vulnerability. Due to improper API authentication and incomplete verification of the API request, an unauthenticated, remote attacker can send a specially...
Cisco Unity Connection DoS (cisco-sa-cucm-apidos-PGsDcdNF)
According to its self-reported version, Cisco Unity Connection running on the remote host is affected by a denial of service (DoS) vulnerability. Due to improper API authentication and incomplete verification of the API request, an unauthenticated, remote attacker can send a specially crafted HTTP...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-puma (SUSE-SU-2023:3957-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3957-1 advisory. - CVE-2023-40175: Fixed HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers...
Cisco Unified Communications Manager IM & Presence DoS (cisco-sa-cucm-apidos-PGsDcdNF)
According to its self-reported version, Cisco Unified Communications Manager IM & Presence running on the remote host is affected by a denial of service (DoS) vulnerability. Due to improper API authentication and incomplete verification of the API request, an unauthenticated, remote attacker can se...
Cisco Emergency Responder DoS (cisco-sa-cucm-apidos-PGsDcdNF)
According to its self-reported version, Cisco Emergency Responder running on the remote host is affected by a denial of service (DoS) vulnerability. Due to improper API authentication and incomplete verification of the API request, an unauthenticated, remote attacker can send a specially crafted HT...
Cisco Unified Communications Manager DoS (cisco-sa-cucm-dos-4Ag3yWbD)
The version of Cisco Unified Communications Manager installed on the remote host is prior to 12.51SU8 or is version 14 prior to 14SU3. It is, therefore, affected by a denial-of-service vulnerability. Due to insufficient validation of user-supplied input to the web UI of the Self Care Portal, an...
Input validation
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for devic...
CVE-2023-20259
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for devic...
SUSE-SU-2023:3957-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: - CVE-2023-40175: Fixed HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers bsc1214425...
CVE-2023-4884
An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of authentication...
CVE-2023-4884 Multiple vulnerabilities in Open5GS
An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of authentication...
CVE-2023-4884
CVE-2023-4884 affects the Open5GS implementation (Open5GS 2.4.10 and earlier) where missing authentication allows a remote attacker to send an HTTP request to an Open5GS endpoint and retrieve information stored on the device. The root cause is an access-control/authentication flaw in the Open5GS ...
CVE-2023-4884 Multiple vulnerabilities in Open5GS
An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of authentication...
CVE-2023-3654
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network...
CVE-2023-3654 Origin Check Bypass
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network...
Open5GS Access Control Error Vulnerability
Open5GS is an open source implementation in C of 5G Core and EPC, the core network of the LTE/NR network. An access control error vulnerability exists in Open5GS version 2.4.10 and earlier, which stems from a lack of authentication, and can be exploited by an attacker to send an HTTP request to a...