Fedora 39 : llhttp / python-aiohttp / uxplay (2024-f83b123d63)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-f83b123d63 advisory. Update llhttp to 9.2.1, fixing CVE-2024-27982. Additionally, llhttp 9.2.0 contained a number of bug fixes. Backport llhttp 9.2.1 support to python-aiohttp...

Fedora 38 : llhttp / python-aiohttp / uxplay (2024-5dc487ee89)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-5dc487ee89 advisory. Update llhttp to 9.2.1, fixing CVE-2024-27982. Additionally, llhttp 9.2.0 contained a number of bug fixes. Backport llhttp 9.2.1 support to python-aiohttp...

CVE-2024-31991

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safescrapehtml function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. This function, nor those that call it,...

SUSE-SU-2024:1355-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation bsc1222384...

EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2024-1543)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is...

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2024-1524)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is...

Oracle HTTP Server (April 2024 CPU)

The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory: - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Plugins BSAFE Crypto-J. Supported versions that are affected are...

Silicon Labs Gecko Platform HTTP server header parsing invalid pointer dereference vulnerability

Talos Vulnerability Report TALOS-2024-1945 Silicon Labs Gecko Platform HTTP server header parsing invalid pointer dereference vulnerability April 18, 2024 CVE Number CVE-2023-51391 SUMMARY An invalid pointer dereference vulnerability exists in the HTTP server header parsing functionality of Silic...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-24795, CVE-2023-38709)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

USN-6729-2: Apache HTTP Server vulnerabilities

USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly...

Exploit for Deserialization of Untrusted Data in Apache Kafka_Connect

Apache Druid CVE-2023-25194 CVE-2023-25194 is a deserializati...

SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2024:1308-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1308-1 advisory. - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc12222...

Apache 2.4.x < 2.4.58 Out-of-Bounds Read (CVE-2023-31122)

The version of Apache httpd installed on the remote host is prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.58 advisory. - modmacro buffer over-read: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server. This issue affects Apache HTTP...

Apache 2.4.x < 2.4.54 Authentication Bypass

The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by an authentication bypass vulnerability as referenced in the 2.4.54 advisory. - X-Forwarded-For dropped by hop-by-hop mechanism in modproxy: Apache HTTP Server 2.4.53 and earlier may not send...

Apache 2.4.x < 2.4.54 Multiple Vulnerabilities (mod_lua)

The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.54 advisory. - Denial of service in modlua r:parsebody: In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that...

Apache 2.4.x < 2.4.54 Out-Of-Bounds Read (CVE-2022-28330)

The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by an out-of-bounds read vulnerability as referenced in the 2.4.54 advisory. - Read beyond bounds in modisapi: Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when...

Ubuntu 16.04 LTS / 18.04 LTS : Apache HTTP Server vulnerabilities (USN-6729-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-2 advisory. USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

CVE-2024-20991

CVE-2024-20991 affects Oracle HTTP Server (Web Listener) in Oracle Fusion Middleware, specifically version 12.2.1.4.0. The issue, described across multiple sources, enables an unauthenticated attacker with network access via HTTP to read a subset of Oracle HTTP Server data due to insufficient pro...

CVE-2023-51391 Micrium OS Network uC-HTTP server header parsing invalid pointer dereference vulnerability

A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service...

CVE-2023-51391 Micrium OS Network uC-HTTP server header parsing invalid pointer dereference vulnerability

A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service...