Important: squid security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of service in HTTP request...
PT-2024-19192 · Elspec · Elspec G5 Digital Fault Recorder
Name of the Vulnerable Software and Affected Versions: Elspec G5 digital fault recorder versions 1.1.4.15 and before Description: An issue was discovered in the HTTP header parsing mechanism, allowing unauthenticated memory corruption to occur. Recommendations: For Elspec G5 digital fault recorde...
ALSA-2024:1375 Important: squid:4 security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: denial of service in HTTP header parser CVE-2024-25617 squid: Denial of Service in HTTP Chunked Decoding CVE-2024-25111 squid: denial of service in HTTP request...
CLSA-2024-1710789017 Fix CVE(s): CVE-2024-25617
SECURITY UPDATE: Denial of Service attack against HTTP header parsing - debian/patches/CVE-2024-25617.patch: Improve handling of expanding HTTP header values - CVE-2024-25617...
Tomcat: HTTP/2 header handling DoS
A vulnerability was found in the Tomcat package due to its handling of HTTP/2 requests. Specifically, when an HTTP/2 request surpasses the predetermined limits for headers configured within the server, the associated HTTP/2 stream isn't reset immediately. Instead, the reset action occurs only aft...
Security Bulletin: IBM Transformation Extender Advanced is vulnerable to multiple issues due to IBM WebSphere Application Server Liberty.
Summary IBM Transformation Extender Advanced, previously known as IBM Standards Processing Engine, uses IBM WebSphere Application Server Liberty. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons...
CLSA-2024-1710436968 squid: Fix of CVE-2024-25617
CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...
CLSA-2024-1710436895 squid: Fix of CVE-2024-25617
CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...
CLSA-2024-1710436449 Fix CVE(s): CVE-2024-25617
SECURITY UPDATE: Denial of Service attack against HTTP header parsing - debian/patches/CVE-2024-25617.patch: Improve handling of expanding HTTP header values - CVE-2024-25617...
Cross site scripting
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
CVE-2024-0386
CVE-2024-0386 : The weForms plugin for WordPress is vulnerable to a stored XSS via the Referer header in all versions up to 1.6.21, caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary scripts that will execute in pages viewed by...
CVE-2024-1226
The CVE-2024-1226 entry concerns Rejetto Http File Server, where the software does not properly neutralize certain characters when data is placed in outgoing HTTP headers. This header injection can allow an attacker to control the HTTP response and potentially perform cross-site scripting and cac...
Description of the security update for SharePoint Server 2019: March 12, 2024 (KB5002562)
Description of the security update for SharePoint Server 2019: March 12, 2024 KB5002562 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-21426...
weForms < 1.6.22 - Unauthenticated Stored Cross-Site Scripting via Referer
Description The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
BIT-MEDIAWIKI-2021-42045
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote...
BIT-GOLANG-2022-41717 Excessive memory growth in net/http and golang.org/x/net/http2
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
BIT-DJANGO-2021-32052
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...
BIT-FLINK-2020-17518 Apache Flink directory traversal attack: remote file writing through the REST API
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...
Important: Red Hat Security Advisory: squid security update
An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2023-38944
An issue in Multilaser RE160V firmware v12.03.01.09pt and Multilaser RE163V firmware v12.03.01.10pt allows attackers to bypass the access control and gain complete access to the application via modifying an HTTP header...