5908 matches found
GHSA-XX83-CXMQ-X89M Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Boundary Community Edition and Boundary Enterprise “Boundary” incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary...
CVE-2024-12289
Boundary Community Edition and Boundary Enterprise “Boundary” incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary...
CVE-2024-12289 Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Boundary Community Edition and Boundary Enterprise “Boundary” incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary...
CVE-2024-12289 Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Boundary Community Edition and Boundary Enterprise “Boundary” incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary...
CVE-2024-45206
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources...
CVE-2024-45206
The CVE-2024-45206 issue affects Veeam Service Provider Console (SPC) up through 8.0.x. It allows an attacker to perform arbitrary HTTP requests to arbitrary hosts in the network and access information about internal resources. Remediation: upgrade to Veeam Service Provider Console 8.1.0.21377 or...
CVE-2024-45206
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources...
CVE-2024-45206
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources...
ProjectSend Improper Authentication Vulnerability
ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload...
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Summary When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie...
CVE-2024-53990
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...
CVE-2024-53990
The CVE-2024-53990 issue affects the AsyncHttpClient (AHC) library where an auto-enabled CookieStore silently replaces cookies with the same name from the cookie jar. This can cause cookies from one user to be used in another user’s requests, creating potential unauthorized data exposure in multi...
CVE-2024-53990 AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...
CVE-2024-53990
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...
Server Side Request Forgery (SSRF)
github.com/openshift/console is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to the lack of proper checks on the /api/dev-console/proxy/internet endpoint, which allows authenticated users to make arbitrary HTTP requests from the console's pod to services inside the...
CVE-2024-53008
CVE-2024-53008 is confirmed in multiple advisories affecting HAProxy across Linux distributions (Amazon Linux 2023, EulerOS 2.0 SP12, Photon OS 4, TencentOS Server 4, Astra Linux). The issue is described as an insecure interpretation of HTTP requests (HTTP Request/Response Smuggling) that may all...
CVE-2024-11680
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
CVE-2024-11680 ProjectSend Unauthenticated Configuration Modification
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
CVE-2024-11680 ProjectSend Unauthenticated Configuration Modification
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
CVE-2024-11680
ProjectSend exposes an improper authentication/authorization vulnerability that affects versions prior to r1720 (r1605 and older per sources). An unauthenticated remote attacker can exploit crafted requests to options.php to modify configuration, enabling account creation, file uploads (including...