3714 matches found

Positive Technologies (added 2023/07/18 12:00 a.m.)

PT-2023-24816

Name of the vulnerable software and affected versions: AMI MegaRAC SPx12 (affected versions not specified). Description: The issue allows a user to bypass authentication by spoofing the HTTP header, potentially leading to loss of confidentiality, integrity, and availability. This is achieved by...

CVSS 9.1 | AI score 8.7 | EPSS 0.00975
Exploits 0 | References 11

Hacker One (added 2023/07/17 12:43 p.m.)

curl: CVE-2023-38039: HTTP header allocation DOS

A vulnerability was discovered in curl that allowed an attacker to cause a denial-of-service (DoS) condition on a user's system. By setting up a malicious HTTP server and continuously sending new headers, the attacker could exhaust system resources, leading to system instability or a crash. The issue...

CVSS 7.5 | AI score 7.5 | EPSS 0.62246
Exploits 1

SUSE CVE (added 2023/07/15 2:18 a.m.)

SUSE CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVSS 6.5 | AI score 7 | EPSS 0.00312
Exploits 2 | References 5

CNVD (added 2023/07/14 12:00 a.m.)

Apache Pulsar Authorization Issues Vulnerability

Apache Pulsar is a distributed messaging and streaming platform from the Apache Foundation (United States) for cloud environments that combines messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, cross-region data replication across multiple data centers,...

CVSS 8.2 | AI score 6.6 | EPSS 0.0058
Exploits 0 | References 1

RedhatCVE (added 2023/07/13 4:35 p.m.)

CVE-2023-28362

A Cross-site Scripting (XSS) vulnerability was found in Actionpack due to improper sanitization of user-supplied values. This allows provided values to contain characters that are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance o...

CVSS 4.7 | AI score 6.1 | EPSS 0.00312
Exploits 2 | References 4

IBM Security Bulletins (added 2023/07/12 4:50 p.m.)

Security Bulletin: There are several vulnerabilities in Liberty used by the IBM Maximo Manage application in the IBM Maximo Application Suite

Summary: There are several vulnerabilities in Liberty used by the IBM Maximo Manage application in the IBM Maximo Application Suite. These vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2023-0482 DESCRIPTION: RESTEasy could allow a local authenticated attacker to gain elevat...

CVSS 9.8 | AI score 8.3 | EPSS 0.01998
Exploits 5 | Affected Software 1

Github Security Blog (added 2023/07/12 12:31 p.m.)

Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows an authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

CVSS 8.2 | AI score 6.5 | EPSS 0.0058
Exploits 0 | References 3 | Affected Software 1

OSV (added 2023/07/12 10:15 a.m.)

CVE-2023-30428

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows an authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

CVSS 8.1 | AI score 7
Exploits 0 | References 1

Prion (added 2023/07/12 10:15 a.m.)

Authorization

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows an authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

CVSS 5.5 | AI score 7.9 | EPSS 0.0058
Exploits 0 | References 1 | Affected Software 1

Cvelist (added 2023/07/12 9:10 a.m.)

CVE-2023-30428 Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows an authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

CVSS 8.2 | AI score 8.3 | EPSS 0.0058
Exploits 0 | References 1

CVE (added 2023/07/12 9:10 a.m.)

CVE-2023-30428

CVE-2023-30428: Apache Pulsar Broker Rest Producer improper authorization allows an authenticated user with a custom HTTP header to produce messages to any topic using the broker’s admin role. Affected: Pulsar Brokers 2.9.0–2.9.5; 2.10.0–2.10.3; 2.11.0. Exploitation requires direct broker access ...

CVSS 8.2 | AI score 8 | EPSS 0.0058
Exploits 0 | References 1 | Affected Software 1

CNNVD (added 2023/07/12 12:00 a.m.)

Apache Pulsar Security Vulnerability

Apache Pulsar is a distributed messaging and streaming platform from the Apache Foundation (United States) for cloud environments that combines messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, cross-region data replication across multiple data centers,...

CVSS 8.2 | AI score 6.7 | EPSS 0.0058
Exploits 0 | References 2

Prion (added 2023/07/07 10:15 p.m.)

SQL injection

Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...

CVSS 6.5 | AI score 9.2 | EPSS 0.03909
Exploits 1 | References 5 | Affected Software 1

Prion (added 2023/07/06 11:15 p.m.)

Cross-site scripting

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...

CVSS 5.8 | AI score 5.3 | EPSS 0.00543
Exploits 0 | References 4 | Affected Software 1

OSV (added 2023/07/06 11:15 p.m.)

PYSEC-2023-115

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...

CVSS 6.8 | AI score 6.6 | EPSS 0.00543
Exploits 0 | References 4

OSV (added 2023/07/06 10:08 p.m.)

CVE-2023-36829 Sentry CORS misconfiguration vulnerability

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...

CVSS 6.8 | AI score 5.7 | EPSS 0.00543
Exploits 0 | References 6

IBM Security Bulletins (added 2023/07/06 6:48 p.m.)

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-24329 DESCRIPTION: Python could allow a remote attacker to bypass securit...

CVSS 9.8 | AI score 9.8 | EPSS 0.95302
Exploits 34 | Affected Software 1

OSV (added 2023/07/06 5:15 a.m.)

CVE-2023-26137

All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n carriage-return/line-feed characters to end the HTTP response headers and...

CVSS 6.1 | AI score 5.8 | EPSS 0.0038
Exploits 1 | References 2

GithubExploit (added 2023/07/04 6:02 p.m.)

Exploit for Cross-site Scripting in Citrix Gateway

CVE-2023-24488 POC for CVE-2023-24488 Citrix Gateway...

CVSS 6.1 | AI score 6.3 | EPSS 0.80907
Exploits 3

Tenable Nessus (added 2023/07/04 12:00 a.m.)

EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2023-2269)

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an...

CVSS 9.1 | AI score 6.5 | EPSS 0.05493
Exploits 0 | References 3