11634 matches found

Tenable Nessus
added 2024/03/05 12:0 a.m. | 20 views

Debian dla-3751 : libapache2-mod-auth-openidc - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3751 advisory. Debian LTS Advisory DLA-3751-1 [email protected] https://www.debian.org/lts/security/...

CVSS 7.5 | AI score 6.6 | EPSS 0.01261
Exploits: 1 | References: 4

Tenable Nessus
added 2024/03/01 12:0 a.m. | 41 views

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2024:0732-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0732-1 advisory. Security issues fixed: CVE-2023-46809: Node.js is vulnerable to the Marvin Attack timing variant of the Bleichenbacher attack again...

CVSS 7.5 | AI score 6.8 | EPSS 0.03168
Exploits: 1 | References: 13

Tenable Nessus
added 2024/02/29 12:0 a.m. | 31 views

CentOS 9 : podman-4.6.0-0.3.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the podman-4.6.0-0.3.el9 build changelog. - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service...

CVSS 9.8 | AI score 7.6 | EPSS 0.04561
Exploits: 1 | References: 12

Tenable Nessus
added 2024/02/29 12:0 a.m. | 66 views

Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities

The version of Siemens SINEC NMS installed on the remote host is prior to 2.0.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA-943925 advisory. - coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers...

CVSS 9.8 | AI score 7.2 | EPSS 0.8377
Exploits: 29 | References: 64

Talos Blog
added 2024/02/28 5:0 p.m. | 38 views

Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution

Cisco Talos has disclosed more than 30 vulnerabilities in February, including seven in Adobe Acrobat Reader, one of the most popular PDF editing and reading software currently available. Adversaries could exploit these vulnerabilities to trigger the reuse of a previously freed object, thus causin...

CVSS 7.5 | AI score 9.5 | EPSS 0.04448
Exploits: 19

Rosalinux
added 2024/02/27 9:20 a.m. | 41 views

Advisory ROSA-SA-2024-2362

Software: modauthopenidc 2.3.7 OS: ROSA Virtualization 2.1 packageevrstring: modauthopenidc-2.3.7-11.rv3 CVE-ID: CVE-2019-14857 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is an open redirect issue in URLs with a slash at the end, similar to CVE-2019-3877 in modauthmellon. CVE-STATUS: Fixed...

CVSS 6.1 | AI score 7.3 | EPSS 0.0175
Exploits: 1

Tenable Nessus
added 2024/02/27 12:0 a.m. | 20 views

MikroTik RouterOS Uncontrolled Resource Consumption (CVE-2018-1157)

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request. This plugin only works with Tenable.ot. Please visit...

CVSS 6.8 | AI score 7.6 | EPSS 0.04375
Exploits: 1 | References: 5

Tenable Nessus
added 2024/02/27 12:0 a.m. | 26 views

MikroTik RouterOS Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2018-1159)

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot f...

CVSS 6.5 | AI score 7.5 | EPSS 0.02483
Exploits: 1 | References: 4

Tenable Nessus
added 2024/02/27 12:0 a.m. | 19 views

MikroTik RouterOS Uncontrolled Recursion (CVE-2019-13955)

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected. This plugin only works with Tenable.ot. Please...

CVSS 6.5 | AI score 6.9 | EPSS 0.03754
Exploits: 0 | References: 3

Tenable Nessus
added 2024/02/27 12:0 a.m. | 14 views

MikroTik RouterOS Allocation of Resources Without Limits or Throttling (CVE-2019-13954)

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected. This plugin only works with...

CVSS 6.8 | AI score 6.9 | EPSS 0.04258
Exploits: 0 | References: 3

Tenable Nessus
added 2024/02/27 12:0 a.m. | 22 views

MikroTik RouterOS Uncontrolled Recursion (CVE-2018-1158)

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS 6.5 | AI score 7.5 | EPSS 0.02483
Exploits: 1 | References: 5

Tenable Nessus
added 2024/02/26 12:0 a.m. | 46 views

IBM HTTP Server 8.5.0.0 < 8.5.5.24 / 9.0.0.0 < 9.0.5.16 Request Splitting Attacks (6963650)

The version of IBM HTTP Server running on the remote host is affected by a request splitting attack vulnerability due to an error when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch. A remote attacker could exploit this vulnerability to bypass access controls in the...

CVSS 9.8 | AI score 7 | EPSS 0.8377
Exploits: 5 | References: 2

IBM Security Bulletins
added 2024/02/23 5:40 p.m. | 45 views

Security Bulletin: IBM Aspera Console 3.4.2 PL7 has addressed multiple vulnerabilities (CVE-2022-37436, CVE-2021-34798)

Summary This Security Bulletin addresses security vulnerabilities that have been remediated CVE-2022-37436, CVE-2021-34798 in IBM Aspera Console 3.4.2 PL7. Vulnerability Details CVEID:CVE-2022-37436 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by the us...

CVSS 7.5 | AI score 8.7 | EPSS 0.64509
Exploits: 0 | Affected Software: 1

CNVD
added 2024/02/22 12:0 a.m. | 6 views

Apache bRPC Environment Issue Vulnerability

Apache bRPC is an industrial-grade RPC framework from the Apache Foundation (United States) for building reliable and high-performance services. Apache bRPC suffers from an environmental issue vulnerability that stems from the presence of an HTTP server request smuggling vulnerability that can be...

CVSS 7.5 | AI score 6.7 | EPSS 0.01637
Exploits: 0 | References: 1

Positive Technologies
added 2024/02/22 12:0 a.m. | 12 views

PT-2024-2590

Name of the Vulnerable Software and Affected Versions nghttp2 versions prior to the fixed version Apache HTTP Server versions prior to the fixed version Apple Software affected versions not specified NetApp ONTAP affected versions not specified Fedoraproject Fedora affected versions not specified...

CVSS 7.8 | AI score 7.6 | EPSS 0.91327
Exploits: 3 | References: 148

Veracode
added 2024/02/21 8:24 p.m. | 37 views

Denial Of Service

nodejs:sid is vulnerable to Denial Of Service. The vulnerability is due to the HTTP server allowing an attacker to send a specially crafted HTTP request with chunked encoding; the server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

CVSS 7.5 | AI score 6.5 | EPSS 0.03168
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2024/02/21 12:0 a.m. | 61 views

F5 Networks BIG-IP : cURL vulnerability (K000138650)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138650 advisory. - This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than...

CVSS 6.5 | AI score 6.5 | EPSS 0.01685
Exploits: 1 | References: 2

NVD
added 2024/02/20 3:15 p.m. | 18 views

CVE-2023-45318

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 10 | AI score 9.8 | EPSS 0.01746
Exploits: 1 | References: 2

Prion
added 2024/02/20 3:15 p.m. | 31 views

Heap overflow

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 7.5 | AI score 8.4 | EPSS 0.01746
Exploits: 1 | References: 1

CVE
added 2024/02/20 2:45 p.m. | 77 views

CVE-2023-45318

Weston Embedded uC-HTTP-server (CVE-2023-45318) suffers a heap-based buffer overflow in Protocol Version parsing of HTTP requests, triggered by a misupdated RxBufLenRem during HTTPsReq_ProtocolVerParse, enabling arbitrary code execution. Affected: Weston Embedded uC-HTTP git commit 80d4004 (and r...

CVSS 10 | AI score 9.7 | EPSS 0.01746
Exploits: 1 | References: 2 | Affected Software: 2