Advisory ROSA-SA-2023-2203
Software: python 2.7.5 OS: rosa-server79 packageevrstring: python-2.7.5-93.res7 CVE-ID: CVE-2023-24329 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Node.js
Summary: Vulnerabilities in Node.js before 18.16.1 affect the Node.js component used by IBM Event Streams (CVE-2023-30581, CVE-2023-30589, CVE-2023-30585, CVE-2023-30590, CVE-2023-30588). These vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2023-30589 DESCRIPTION: Node....
Eramba 3.19.1 Remote Command Execution
Trovent Security Advisory 2303-01 Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2502)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description...
Moderate: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
nodejs: HTTP Request Smuggling via Empty headers separated by CR
A vulnerability has been identified in Node.js, where the llhttp parser in the http module does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS)...
Moderate: nodejs security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 16.20.1. BZ2223334, BZ2223336, BZ2223338, BZ2223340, BZ2223342, BZ2223344 Security Fixes: nodejs...
Moderate: nodejs:18 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 18. BZ2223314, BZ2223316, BZ2223318, BZ2223319, BZ2223320, BZ2223354 Security Fixes: nodejs:...
RHEL 9 : nodejs (RHSA-2023:4331)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4331 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Rudder Server SQL Injection / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rudder Server SQLI Remote Code Execution', 'Description' = %q This Metasploit module exploits a SQL injection vulnerability in RudderStack's...
RHEL 9 : nodejs:18 (RHSA-2023:4330)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4330 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2462)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description...
CVE-2023-38285
A vulnerability was found in Trustwave's ModSecurity project due to an inefficient algorithmic complexity flaw. This issue is present in four transformation actions: removeWhitespace, removeNull, replaceNull, and removeCommentsChar. By sending a maliciously crafted HTTP request, an attacker could...
Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS)
Exploit Title: Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS) Date: 07/2023 Exploit Author: Andrey Stoykov Tested on: Ubuntu 20.04 Blog: http://msecureltd.blogspot.com XSS 1: Steps to Reproduce: 1. Browse to Bookings 2. Select All Bookings 3. Edit booking and select Promo...
EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2023-2462)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack...
EulerOS Virtualization 3.0.6.6 : httpd (EulerOS-SA-2023-2425)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location...
Design/Logic Flaw
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, which each of the service controllers derives from, allows the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any...
Cisco NX-OS Software NX-API Denial of Service (CVE-2020-3170)
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could...
CVE-2023-37788
A flaw was found in goproxy, which is vulnerable to a denial of service caused by improper input validation. This flaw allows a remote attacker to cause the goproxy server to crash by sending a specially crafted HTTP request to the HTTPS page, replacing the path "/" with an asterisk "*"...
HTTP Request Smuggling (HRS)
llhttp is vulnerable to HTTP Request Smuggling (HRS). The vulnerability exists because http.js does not properly handle the CRLF sequence, allowing an attacker to smuggle HTTP requests by submitting Line Feed (LF) characters without a Carriage Return (CR)...