
1138 matches found

Cvelist
added 2024/10/02 4:55 p.m., 16 views

CVE-2024-20490 Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...

6.3 CVSS, 0.00339 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/10/02 4:55 p.m., 9 views

CVE-2024-20490 Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...

6.3 CVSS, 6.3 AI score, 0.00339 EPSS
Exploits: 0, References: 1
CVE
added 2024/10/02 4:55 p.m., 45 views

CVE-2024-20490

The CVE-2024-20490 issue affects Cisco Nexus Dashboard Fabric Controller (NDFC) and Nexus Dashboard Orchestrator (NDO). Root cause: HTTP proxy credentials can be recorded in internal logs stored in tech support files, exposing admin credentials in clear text when those files are accessed. Impact:...

8.6 CVSS, 6.5 AI score, 0.00339 EPSS
Exploits: 0, References: 1, Affected Software: 3
Tenable Nessus
added 2024/09/18 12:0 a.m., 15 views

Debian dla-3892 : tinyproxy - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3892 advisory. Debian LTS Advisory DLA-3892-1 [email protected]...

9.8 CVSS, 6.6 AI score, 0.78967 EPSS
Exploits: 3, References: 6
OSV
added 2024/09/11 2:15 p.m., 12 views

CVE-2024-8642

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have ...

8.1 CVSS, 6.9 AI score
Exploits: 0, References: 4
Vulnrichment
added 2024/09/11 1:34 p.m., 13 views

CVE-2024-8642 Eclipse EDC: Consumer pull transfer token validation checks not applied

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have ...

5 CVSS, 7 AI score, 0.00115 EPSS
Exploits: 0, References: 4
CVE
added 2024/09/11 1:34 p.m., 72 views

CVE-2024-8642

CVE-2024-8642 affects Eclipse Dataspace Components: versions 0.5.0 up to before 0.9.0 suffer from a missing token validity check in ConsumerPullTransferTokenValidationApiController (expiry, not-before, issuance date). This can enable bypass of token expiration protections when a dataplane is conf...

8.1 CVSS, 8.1 AI score, 0.00115 EPSS
Exploits: 0, References: 4, Affected Software: 1
Packet Storm
added 2024/09/01 12:0 a.m., 429 views

HTTP Open Proxy Detection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Open Proxy Detection', 'Description' = %q Checks if an HTTP proxy is open. False positive are avoided verifying the HTTP return code and...

7.4 AI score
Exploits: 0
OSV
added 2024/08/21 6:27 p.m., 12 views

GHSA-G9PH-J5VJ-F8WM Potential access to sensitive URLs via CKAN extensions (SSRF)

Impact: There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their contents e.g. pushing to the DataStore, streaming contents or saving a local...

6.8 CVSS, 5.5 AI score, 0.00317 EPSS
Exploits: 0, References: 5
Github Security Blog
added 2024/08/21 6:27 p.m., 15 views

Potential access to sensitive URLs via CKAN extensions (SSRF)

Impact: There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their contents e.g. pushing to the DataStore, streaming contents or saving a local...

6.5 CVSS, 6.9 AI score, 0.00317 EPSS
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2024/08/21 3:15 p.m., 11 views

CVE-2024-43371

CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their...

6.5 CVSS, 0.00317 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/08/21 2:47 p.m., 14 views

CVE-2024-43371 Potential access to sensitive URLs via CKAN extensions (SSRF)

CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their...

4.5 CVSS, 0.00317 EPSS
Exploits: 0, References: 1
CVE
added 2024/08/21 2:47 p.m., 45 views

CVE-2024-43371

CVE-2024-43371 describes a Server Side Request Forgery (SSRF) in CKAN via multiple plugins (XLoader, DataPusher, Resource proxy, ckanext-archiver) that fetch remote resources without validating the target URL. The underlying issue is that these plugins use the resource URL without restricting des...

6.5 CVSS, 4.8 AI score, 0.00317 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2024/08/21 2:47 p.m., 11 views

CVE-2024-43371 Potential access to sensitive URLs via CKAN extensions (SSRF)

CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their...

4.5 CVSS, 6.9 AI score, 0.00317 EPSS
Exploits: 0, References: 1
CNVD
added 2024/07/30 12:0 a.m., 5 views

Apache Traffic Server Input Validation Error Vulnerability (CNVD-2024-35169)

Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Foundation in the United States. Apache Traffic Server suffers from an input validation error vulnerability that stems from accepting characters that are not allowed in an HTTP field name and forwarding a...

7.5 CVSS, 6.5 AI score, 0.00488 EPSS
Exploits: 0, References: 1
NVD
added 2024/07/26 5:15 p.m., 12 views

CVE-2024-41812

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Prior to version 1.7.0, a Server-Side Request Forgery (SSRF) vulnerability in the /get route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to...

7.5 CVSS, 0.00329 EPSS
Exploits: 1, References: 3
NVD
added 2024/07/26 5:15 p.m., 10 views

CVE-2024-41813

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the /proxy route of txtdot allows remote attackers to use the server as a proxy ...

7.5 CVSS, 0.00329 EPSS
Exploits: 1, References: 3
OSV
added 2024/07/26 4:51 p.m., 6 views

CVE-2024-41813 txtdot SSRF vulnerability in /proxy

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the /proxy route of txtdot allows remote attackers to use the server as a proxy ...

7.5 CVSS, 6.9 AI score, 0.00329 EPSS
Exploits: 1, References: 5
Cvelist
added 2024/07/26 4:51 p.m., 16 views

CVE-2024-41813 txtdot SSRF vulnerability in /proxy

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the /proxy route of txtdot allows remote attackers to use the server as a proxy ...

7.5 CVSS, 0.00329 EPSS
Exploits: 1, References: 3
Vulnrichment
added 2024/07/26 4:51 p.m., 15 views

CVE-2024-41813 txtdot SSRF vulnerability in /proxy

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the /proxy route of txtdot allows remote attackers to use the server as a proxy ...

7.5 CVSS, 6.9 AI score, 0.00329 EPSS
Exploits: 1, References: 3