Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect Cloud Pak System (CVE-2022-34165, CVE2021-39031)

Summary Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect Cloud Pak System . Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Applicatio...

SNIProxy wildcard backend hosts buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1731 SNIProxy wildcard backend hosts buffer overflow vulnerability March 30, 2023 CVE Number CVE-2023-25076 SUMMARY A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch commit:...

Desktop Central 9.1.0 - Multiple Vulnerabilities

Exploit Title: Desktop Central 9.1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Software Link : http://www.desktopcentral.com Tested Version: 9.1.0 Build No: 91084 Tested on: Windows 10 Vulnerability Type: CRLF injection CRLF - 1 CVSS v3: 6.1 CVSS vector:...

Fedora 37 : gmailctl (2023-ca444fdecf)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ca444fdecf advisory. Rebuild for CVE-20220-3064,41717,41723 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

haproxy: request smuggling attack in HTTP/1 header parsing

A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...

CVE-2023-27569

The eotags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header...

SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2023:0738-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0738-1 advisory. - A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible t...

CVE-2023-28461

Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...

CVE-2023-28461

Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...

Remote code execution

Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...

CVE-2023-28461

Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...

CVE-2023-28461

Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...

CVE-2023-24975

IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID...

Cross site scripting

IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID...

traefik -- Use of vulnerable Go modules net/http, net/textproto

The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially...

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary There is a vulnerability which is related to identity spoofing in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway has addressed th...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-1442)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-1467)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header...

SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:0608-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0608-1 advisory. - A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible t...

CVE-2023-24975 IBM Spectrum Symphony HOST header injection

IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID...