HTTP Request Smuggling
Tornado is vulnerable to HTTP Request Smuggling. Tornado deviates from the HTTP RFCs by interpreting the characters -, +, and _ in chunk length and Content-Length values. When it is used behind proxies that interpret these non-standard characters differently, this can lead to request smuggling...
Zyxel NBG6604 Command Injection Vulnerability (CNVD-2023-64085)
The Zyxel NBG6604 is a dual-band wireless router from China's Hopkins Zyxel. The Zyxel NBG6604 V1.01ABIR.1C0 suffers from a command injection vulnerability that stems from a failure to properly filter special characters, commands, etc. in constructed commands in the NTP function. An attacker can...
Oracle Linux 8 : nodejs:16 (ELSA-2023-4537)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4537 advisory. - Rebase to 16.20.1 Resolves: rhbz2188289 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 Tenable has extracted the preceding...
CVE-2023-40518
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers...
Design/Logic Flaw
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers...
Command injection
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01ABIR.1C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request...
CVE-2023-33013
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01ABIR.1C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request...
SUSE-SU-2023:3306-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire bsc1214156. - CVE-2023-32559: Fixed permissions policies bypass vi...
The vulnerability of the VMware Horizon Server virtualization server, related to improper checking of HTTP requests, allows an attacker to compromise the integrity of protected information.
The vulnerability of the VMware Horizon Server virtualization server lies in improper handling of HTTP requests. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information from a remote location...
VMware Horizon Server < 2111.2 / < 2209.1 / < 2212.1 / < 2306 Multiple Vulnerabilities (VMSA-2023-0017)
The version of VMware Horizon Server installed on the remote Windows host is prior to 2111.2, 2206 or 2209 prior to 2209.1, 2212 prior to 2212.1 or 2302. It is, therefore, affected by multiple vulnerabilities: - An HTTP request smuggling vulnerability whereby a malicious actor with network access ma...
CVE-2023-33934 Apache Traffic Server: Differential fuzzing for HTTP request parsing discrepancies
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1...
AlmaLinux 8 : nodejs:16 (ALSA-2023:4537)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4537 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interruption due to invalid Public Key information in x509...
AlmaLinux 8 : nodejs:18 (ALSA-2023:4536)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4536 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interruption due to invalid Public Key information in x509...
nodejs:16 security, bug fix, and enhancement update
An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...
Moderate: Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: nodejs:18 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 18.16.1. BZ2223630, BZ2223631, BZ2223632, BZ2223633, BZ2223635, BZ2223642 Security Fixes: nodejs...
Rocky Linux 8 : nodejs:16 (RLSA-2023:4537)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4537 advisory. - The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request...