GHSA-25GQ-JVX2-VG9X Silverstripe X-Forwarded-Host request hostname injection

A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution. If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...

Apache Tomcat 7.0.0 < 7.0.100 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.100. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.100security-7 advisory. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to...

EulerOS Virtualization 3.0.6.0 : python-urllib3 (EulerOS-SA-2024-1703)

According to the versions of the python-urllib3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redire...

Inproper Authorization

Ant Media Server Community Edition is vulnerable to Improper Authorization. The vulnerability is due to improper HTTP header based authorization which allows unauthorized users to potentially access non-administrative API calls reserved for authorized users...

CVE-2024-31484

A vulnerability has been identified in CPC80 Central Processing/Communication All versions V16.41, CPCI85 Central Processing/Communication All versions V5.30, CPCX26 Central Processing/Communication All versions V06.02, ETA4 Ethernet Interface IEC60870-5-104 All versions V10.46, ETA5 Ethernet Int...

CVE-2024-3462

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...

CVE-2024-31484

A vulnerability has been identified in CPC80 Central Processing/Communication All versions V16.41, CPCI85 Central Processing/Communication All versions V5.30, CPCX26 Central Processing/Communication All versions V06.02, ETA4 Ethernet Interface IEC60870-5-104 All versions V10.46, ETA5 Ethernet Int...

CVE-2024-31484

CVE-2024-31484 affects Siemens SICAM family: CPC80, CPCI85, CPCX26, ETA4, ETA5, PCCX26 (various versions prior to the listed fixed releases). Root cause is improper null termination when parsing a specific HTTP header, enabling code execution in the current process or a denial-of-service conditio...

PT-2024-3703 · Pccx26 +5 · Pccx26 +5

Name of the Vulnerable Software and Affected Versions: CPC80 Central Processing/Communication versions prior to V16.41 CPCI85 Central Processing/Communication versions prior to V5.30 CPCX26 Central Processing/Communication versions prior to V06.02 ETA4 Ethernet Interface IEC60870-5-104 versions...

CVE-2024-3462 Authorization bypass in Ant Media Server

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...

CVE-2024-3462 Authorization bypass in Ant Media Server

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...

CVE-2024-3462

Ant Media Server Community Edition is vulnerable to improper HTTP header based authorization, allowing unauthorized users to access non-administrative API calls reserved for authorized users. Affected versions are prior to 2.9.0 (tested); vendor status on a patch is not confirmed. Multiple source...

RHEL 7 : xmlrpc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD CVE-2016-5002 - xmlrpc: Deserialization ...

RHEL 8 : squid:4 (RHSA-2024:2777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2777 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: denial of...

GHSA-F3H7-GPJJ-WCVH Spin applications with specific configuration vulnerable to potential network sandbox escape

Impact Some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header. If an application's manifest contains a component with configuration such as toml allowedoutboundhosts =...

CVE-2024-32980 Spin contains a potential network sandbox escape for specifically configured Spin applications

Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header...

UBUNTU-CVE-2024-27982

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

Node.js 安全漏洞

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js, which stems from an incorrectly formatted header in the http server that could lead to a smuggled HTTP request...

SUSE: Security Advisory (SUSE-SU-2024:1114-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Tinyproxy HTTP Header Handling Memory Misreference Vulnerability

Tinyproxy is a lightweight HTTP/HTTPS proxy server that is primarily used to forward HTTP requests across a computer network. A memory misreference vulnerability exists in Tinyproxy HTTP header handling, which is caused by post-release usage in HTTP connection header parsing. An attacker could...