1615 matches found

Tenable Nessus
added 2024/01/10 12:0 a.m., 134 views

RHEL 8 : python-urllib3 (RHSA-2024:0116)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0116 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3:...

8.1 CVSS, 7.3 AI score, 0.0095 EPSS
Exploits 0, References 7

OpenVAS
added 2024/01/09 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1096)

The remote host is missing an update for the Huawei EulerOS...

8.1 CVSS, 6.7 AI score, 0.0095 EPSS
Exploits 0, References 2

Tenable Nessus
added 2024/01/09 12:0 a.m., 38 views

Amazon Linux 2 : ecs-init (ALASECS-2024-032)

The version of ecs-init installed on the remote host is prior to 1.75.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-032 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject...

6.5 CVSS, 7.2 AI score, 0.00344 EPSS
Exploits 0, References 4

Amazon
added 2024/01/08 12:0 a.m., 6 views

Important: ecs-init

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

6.5 CVSS, 6.2 AI score, 0.00344 EPSS
Exploits 0

Tenable Nessus
added 2024/01/06 12:0 a.m., 27 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:0033-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0033-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation mad...

7.2 CVSS, 6.4 AI score, 0.0047 EPSS
Exploits 1, References 4

OpenVAS
added 2024/01/05 12:0 a.m., 28 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1046)

The remote host is missing an update for the Huawei EulerOS...

8.1 CVSS, 8.3 AI score, 0.0095 EPSS
Exploits 0, References 2

Positive Technologies
added 2024/01/05 12:0 a.m., 6 views

PT-2024-2591 · Unknown · Amphp/Http +1

Name of the Vulnerable Software and Affected Versions: amphp/http versions prior to the fixed version amphp/http-client versions 4.0.0-rc10 through 4.0.0 Description: The issue is related to the amphp/http library and its HTTP/2 protocol implementation, specifically with uncontrolled memory...

8.5 CVSS, 8.1 AI score, 0.05065 EPSS
Exploits 1, References 21

OpenVAS
added 2024/01/05 12:0 a.m., 16 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1020)

The remote host is missing an update for the Huawei EulerOS...

8.1 CVSS, 8.3 AI score, 0.0095 EPSS
Exploits 0, References 2

OSV
added 2024/01/03 9:44 p.m., 23 views

GHSA-R6R4-5PR8-GJCP Vapor contains an integer overflow in URI leading to potential host spoofing

Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI ty...

6.5 CVSS, 6.4 AI score, 0.00307 EPSS
Exploits 0, References 4

Prion
added 2024/01/03 5:15 p.m., 20 views

Integer overflow

Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...

4 CVSS, 7.2 AI score, 0.00307 EPSS
Exploits 0, References 2, Affected Software 1

GitLab Advisory Database
added 2024/01/03 12:0 a.m., 17 views

Vapor contains an integer overflow in URI leading to potential host spoofing

Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI ty...

6.5 CVSS, 6.9 AI score, 0.00307 EPSS
Exploits 0, References 5, Affected Software 1

Metasploit
added 2023/12/28 7:50 p.m., 504 views

Splunk __raw Server Info Disclosure

Splunk 6.2.3 through 7.0.1 allows information disclosure by appending /raw/services/server/info/server-info?outputmode=json to a query. Versions 6.6.0 through 7.0.1 require authentication. Module Options msf use auxiliary/gather/splunkrawserverinfo msf auxiliarysplunkrawserverinfo show actions...

5.3 CVSS, 5 AI score, 0.92221 EPSS
Exploits 7

0day.today
added 2023/12/22 12:0 a.m., 537 views

Craft CMS 4.4.14 Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 4.0.0-RC1 through 4.4.14. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Craft CMS...

10 CVSS, 8 AI score, 0.93824 EPSS
Exploits 10

Tenable Nessus
added 2023/12/18 12:0 a.m., 33 views

AlmaLinux 9 : fence-agents (ALSA-2023:7753)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7753 advisory. - Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts...

9.8 CVSS, 7.4 AI score, 0.0095 EPSS
Exploits 0, References 3

Tenable Nessus
added 2023/12/15 12:0 a.m., 51 views

Amazon Linux 2023 : python3-urllib3 (ALAS2023-2023-454)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-454 advisory. urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the...

8.1 CVSS, 7.2 AI score, 0.0095 EPSS
Exploits 0, References 4

RedHat Linux
added 2023/12/14 4:30 p.m., 1 views

python-urllib3: Cookie request header isn't stripped during cross-origin redirects

A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...

8.1 CVSS, 6.8 AI score, 0.0095 EPSS
Exploits 0, References 4

OpenVAS
added 2023/12/12 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2023-3348)

The remote host is missing an update for the Huawei EulerOS...

8.1 CVSS, 8.4 AI score, 0.0095 EPSS
Exploits 0, References 2

OpenVAS
added 2023/12/12 12:0 a.m., 18 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-3347)

The remote host is missing an update for the Huawei EulerOS...

8.1 CVSS, 8.4 AI score, 0.0095 EPSS
Exploits 0, References 2

Tenable Nessus
added 2023/12/12 12:0 a.m., 31 views

RHEL 9 : fence-agents (RHSA-2023:7753)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7753 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

9.8 CVSS, 7.4 AI score, 0.0095 EPSS
Exploits 0, References 7

OpenVAS
added 2023/12/07 12:0 a.m., 17 views

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-bc1f081ca0)

The remote host is missing an update for the...

7.5 CVSS, 7.7 AI score, 0.00215 EPSS
Exploits 1, References 2