61 matches found
Fedora 38 : grafana (2022-8e5d214237)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8e5d214237 advisory. Automatic update for grafana-9.0.9-1.fc38. Changelog Wed Sep 21 2022 Andreas Gerstmayr 9.0.9-1 - update to 9.0.9 tagged upstream community sources, see...
OESA-2024-2183 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow. iattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Thus there ...
CVE-2024-32974 Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
Envoy is a cloud-native, open source edge and service proxy. A crash was observed in EnvoyQuicServerStream::OnInitialHeadersComplete with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after StopReading being called on the stream. As after StopReadin...
Important: tomcat
Issue Overview: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to...
SUSE CVE-2011-3639
The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...
OESA-2023-1031 jetty security update
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...
SUSE-SU-2022:4633-1 Security update for curl
This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309)...
HTTP Request Smuggling
Overview: std/net/http/httputil is a Go standard library package. Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including...
CVE-2021-28096
An issue was discovered in Stormshield SNS before 4.2.3 when the proxy is used. An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections...
CVE-2021-35209
The CVE-2021-35209 issue affects Zimbra Collaboration Suite via the ProxyServlet /proxy implementation. The X-Host header can override the Host header in proxied requests, and the value is not validated against zimbraProxyAllowedDomains, enabling an SSRF-like possibility and open redirect behavio...
CVE-2021-29943
CVE-2021-29943 affects Apache Solr: when using ConfigurableInternodeAuthHadoopPlugin for authentication, Solr versions prior to 8.8.2 forwarded distributed requests using server credentials instead of the original client credentials. This mis-credentialing leads to incorrect authorization resolut...
tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...
nodejs: HTTP header values do not have trailing optional whitespace trimmed
A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server...
June 18, 2019—KB4501371 (OS Build 17763.592)
June 18, 2019—KB4501371 OS Build 17763.592 Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Starting with update KB4497934, we are introducing functionality that allows you to decide when to install a feature update. You control when you g...
httpd: mod_proxy_fcgi handle_headers() buffer over read
A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash...
Slackware Advisory SSA:2008-210-04 links
The remote host is missing an update as announced via advisory SSA:2008-210-04. OpenVAS Vulnerability Test $Id: esoftslkssa200821004.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...
CVE-2007-5034
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...
Trend Micro Interscan VirusWall 3.53.6 - Content-Length Scan Bypass
Trend Micro Interscan VirusWall 3.53.6 - Content-Length Scan Bypass // source: https://www.securityfocus.com/bid/4265/info Trend Micro InterScan VirusWall is a high performance internet gateway virus scanning package. It is capable of scanning incoming content over HTTP, SMTP and FTP for viruses...
[resend] Avirt Gateway Telnet Vulnerability (and more?)
Strumpf Noir Society Advisories ! Public release ! -- -= Avirt Gateway Telnet Vulnerability and more? =- Release date: Friday, January 18, 2002 Introduction: The Utah, USA-based company Avirt specializes in the development of inter-networking and sharing technologies. As such, it maintains the SO...
MS IE5 + ftp proxy
Problem: IE5 doesn't use proxy for FTP connection if option "Enable folder view for FTP sites" is checked. This option is checked by default. Configuration: tested in 2 configurations: 1. Windows NT 4.0 wrkst + SP5 + IE5.0 2. Windows NT 4.0 wrkst + SP6a + IE5.01. Both have problems. There is no...