5909 matches found
CVE-2024-32638 Apache APISIX: Forward-Auth Request Smuggling
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Apache APISIX when using forward-auth plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue...
CVE-2024-25015
IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278...
CVE-2024-25015 IBM MQ denial of service
IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278...
CVE-2024-25015
IBM MQ has a vulnerability CVE-2024-25015 affecting IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru where a remote attacker could cause a denial of service by sending HTTP requests that consume all available resources. The CVSS base score is 7.5 (NETWORK, NO privileges, no user interaction...
CVE-2023-40533
CVE-2023-40533 is a duplicate of CVE-2022-40468 and is not a separate active vulnerability entry. Connected advisories confirm Tinyproxy vulnerabilities affecting header handling and heap data leakage (notably CVE-2022-40468 and related issues) with remediation through updates to Tinyproxy. Debia...
GHSA-4JRX-5W4H-3GPM Navidrome Parameter Tampering vulnerability
Summary Parameter tampering is a vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. Details The attacker is able to change the parameter values in the body and successfully impersonate another user. In this case, the attacker created a playlist,...
Navidrome Parameter Tampering vulnerability
Summary Parameter tampering is a vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. Details The attacker is able to change the parameter values in the body and successfully impersonate another user. In this case, the attacker created a playlist,...
CVE-2024-32963
Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter valu...
CVE-2024-32963 Parameter Tampering vulnerability in Navidrome
Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter valu...
CVE-2024-32963
Navidrome exposes a parameter tampering vulnerability in HTTP requests that allows an attacker to mutate request body parameters and impersonate other users. The flaw enables actions such as creating playlists, adding songs, posting comments, changing a playlist to public, and assigning the admin...
CVE-2024-32963 Parameter Tampering vulnerability in Navidrome
Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter valu...
freeipa: specially crafted HTTP requests potentially lead to denial of service
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service...
golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body up to 1GiB, causing the receiver to fail reading the response, possibly leading to a Denial of Servic...
ALSA-2024:2147 Moderate: ipa security update
AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: specially crafted HTTP requests potentially lead to denial of service CVE-2024-1481 For more...
ALSA-2024:2160 Moderate: toolbox security update
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: html/template: improper handling of HTML-like comments within script contexts...
Moderate: toolbox security update
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: html/template: improper handling of HTML-like comments within script contexts...
Moderate: ipa security update
AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: specially crafted HTTP requests potentially lead to denial of service CVE-2024-1481 For more...
ALSA-2024:2272 Moderate: containernetworking-plugins security update
The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...
RHEL 9 : buildah (RHSA-2024:2245)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2245 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...
Moderate: podman security update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP reques...