br.com.zup.beagle:beagle-micronaut-starter (>=1.1.0 <=2.1.0), com.bertramlabs.plugins:asset-pipeline-micronaut (>=3.0.7 <=4.3.0) +40 more potentially affected by CVE-2024-23639 via io.micronaut:micronaut-http-server-netty (>=1.0.1 <=3.8.0)

io.micronaut:micronaut-http-server-netty MAVEN version =1.0.1, =1.1.0, =3.0.7, =1.3.0, =3.1.1, =0.99.0, =1.3.12, =0.1.0, =0.1.0, =1.0.6, =1.0.0, =3.2.0 - io.micronaut.example:micronaut-graphql-example-chat =1.4.0 - io.micronaut.example:micronaut-graphql-example-hello-world-groovy =1.4.0 -...

br.com.zup.beagle:beagle-micronaut-starter (>=1.1.0 <=2.1.0), com.agorapulse:gru-micronaut (>=0.9.1 <=1.4.0) +169 more potentially affected by CVE-2024-23639 via io.micronaut:micronaut-http-server (>=1.0.0 <=3.8.2)

io.micronaut:micronaut-http-server MAVEN version =1.0.0, =1.1.0, =0.9.1, =1.0.0-micronaut-1.0, =3.0.7, =1.3.0, =0.1.0, =3.1.1, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.2.0 - com.pulsarix.micronaut:micronaut-security-attributes =1.0.0 and more Source cves: CVE-2024-23639 Source...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1143)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1172)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1192)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-23452

Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.51.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description： The httpparser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...

CVE-2024-23452

Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.51.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description： The httpparser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...

Cross site request forgery (csrf)

Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.51.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The httpparser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...

CVE-2024-23452

Apache bRPC’s HTTP server (versions 0.9.5–1.7.0) is affected by a request-smuggling issue caused by non-compliance of the http_parser with RFC 7230 when handling messages with both Transfer-Encoding and Content-Length. In the described scenario, a frontend server using TE can cause a backend bRPC...

EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-1192)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is otherwise allowed o...

EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-1172)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is otherwise allowed o...

Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet

On January 16, a joint alert from FBI and CISA warned about a concerning development: the emergence of a botnet driven by AndroxGh0st malware targeting vulnerable applications and web servers. AndroxGh0st is a Python-based malware, first seen in late 2022, designed to target Laravel .env files an...

RHEL 8 : container-tools:3.0 (RHSA-2024:0564)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0564 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes:...

RHEL 8 : curl (RHSA-2024:0585)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0585 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1102)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1117)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 8 : httpd:2.4 (RHSA-2023:1672)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1672 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting wi...

EulerOS 2.0 SP11 : curl (EulerOS-SA-2024-1102)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is otherwise allowed o...

EulerOS 2.0 SP11 : curl (EulerOS-SA-2024-1117)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is otherwise allowed o...

USN-6597-1: Puma vulnerability

It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to consume resources, leading to a denial of service...