16603 matches found
Cross site scripting
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the socket.io parent package. Older versions are not impacted. A...
CVE-2023-31125 Uncaught exception in engine.io
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the socket.io parent package. Older versions are not impacted. A...
CVE-2023-31125 Uncaught exception in engine.io
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the socket.io parent package. Older versions are not impacted. A...
EulerOS 2.0 SP11 : httpd (EulerOS-SA-2023-1758)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header...
EulerOS 2.0 SP11 : httpd (EulerOS-SA-2023-1780)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1737)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.2.0 : httpd (EulerOS-SA-2023-1737)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affec...
HTTP Request Smuggling
github.com/ory/oathkeeper is vulnerable to HTTP Request Smuggling. The vulnerability exists because the header set by the mutator can be dropped if the headers name is in the Connection header, which results in the downstream server not receiving the X-Subject header...
engine.io Uncaught Exception vulnerability
Impact A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. TypeError: Cannot read properties of undefined reading 'handlesUpgrades' at Server.onWebSocket build/server.js:515:67 This impacts all the users of the engine.io...
Security Bulletin: AIX is vulnerable to HTTP request smuggling due to Perl (CVE-2022-31081)
Summary A vulnerability in libwww-perl could allow an attacker to poison web caches, bypass web application firewall protection, and conduct XSS attacks CVE-2022-31081. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2022-31081 DESCRIPTION: Libwww is vulnerab...
Advisory ROSA-SA-2023-2161
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5.src.rpm CVE-ID: CVE-2022-28614 BDU-ID: 2022-04102 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the aprwrite function of the Apache HTTP Server web server is related to integer overflow. Exploitation of the...
AIX is vulnerable to HTTP request smuggling due to Perl
IBM SECURITY ADVISORY First Issued: Wed May 3 09:23:25 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perladvisory6.asc Security Bulletin: AIX is vulnerable to HTTP request smuggling due to Perl CVE-2022-31081...
PT-2023-9399 · Yealink · Yealink Meeting Server
Name of the Vulnerable Software and Affected Versions: Yealink Meeting Server versions prior to V26.0.0.67 Description: The issue is related to insufficient protection of service data, allowing a remote attacker to gain access to user credentials. This can be achieved by sending an HTTP request...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Golang Go
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Golang Go. Vulnerability Details CVEID:CVE-2022-41721 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. By sending a specially-crafted HTTP...
GHSA-22GJ-8QJ2-FJ46 Moodle External Control of File Name or Path vulnerability
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
Moodle External Control of File Name or Path vulnerability
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
CVE-2023-30943
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
CVE-2023-30943
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
Path traversal
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
CVE-2023-30943
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...