16606 matches found
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2191)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : httpd (EulerOS-SA-2023-2148)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header...
Important: squid
Issue Overview: Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. CVE-2016-10003 An issue was...
SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression
SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was considered complete. If trailing junk data was appended ...
GHSA-V3R5-PJPM-MWGQ Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
Unauthenticated Blind SSRF
Description The Oxeye research team found Owncast vulnerable to an Unauthenticated Blind SSRF vulnerability. This vulnerability may allow an unauthenticated attacker to force the Owncast server to send HTTP requests to arbitrary locations using the GET HTTP method. This vulnerability also allows...
Mozilla: Internal Blind Server-Side Request Forgery (SSRF) allows scanning internal ports
Vulnerability description not provided...
EulerOS Virtualization 2.11.0 : httpd (EulerOS-SA-2023-2123)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...
SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression
SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was considered complete. If trailing junk data was appended ...
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2123)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2071)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : squid (ALAS-2023-1757)
The version of squid installed on the remote host is prior to 3.5.20-17.46. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1757 advisory. An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTT...
httpd: HTTP request splitting with mod_rewrite and mod_proxy
A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
CVE-2023-27989
A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00ABUV.8C0 could allow a remote authenticated attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a vulnerable device...
Buffer overflow
A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00ABUV.8C0 could allow a remote authenticated attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a vulnerable device...
CVE-2023-27989
A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00ABUV.8C0 could allow a remote authenticated attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a vulnerable device...
RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 (RHSA-2023:3354)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3354 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...
CVE-2023-33476
ReadyMedia MiniDLNA versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the...