269 matches found
GHSA-PP9M-QF39-HXJC S3-Proxy allows Reflected Cross-site Scripting (XSS) in template implementation
Summary A Reflected Cross-site Scripting XSS vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted domain, posing a high risk to all users. Details Give all details ...
CVE-2024-57782
An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service...
CVE-2024-57782
An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service...
Astra Linux – Vulnerability in PHP 8.2
In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, and 8.3. before 8.3.14, when using streams with a configured proxy and the “requestfulluri” option, the URI is not properly sanitized. This can lead to HTTP request smuggling, allowing attackers to use the proxy to send arbitrary HTTP reques...
CVE-2024-56200
Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this...
grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend
A flaw was found in Google gRPC due to HPACK table poisoning between the proxy and backend so that other clients see failed requests, resulting in a denial of service. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent...
The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma allows attackers to access confidential information.
The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma involves the proxy server sending a response back to another unknown client. Exploiting this vulnerability allows an attacker operating remotely to gain access to confidential information...
CVE-2024-30128
The vulnerability affects the HCL Nomad server on Domino . It is an open proxy flaw that allows an unauthenticated attacker to mask their original source IP address, potentially deceiving users into exposing sensitive information. Product/vendor/version details in the connected PT-2024-23201 entr...
HCL Nomad 安全漏洞
HCL Nomad is an application for using and managing the Domino application development platform in mobile devices from HCL Corporation, USA. A security vulnerability exists in HCL Nomad, which stems from being affected by an open proxy vulnerability...
PT-2024-23201 · Hcl · Hcl Nomad Server
Name of the Vulnerable Software and Affected Versions: HCL Nomad server on Domino versions up to 1.0.12 Description: The HCL Nomad server on Domino is affected by an open proxy vulnerability, allowing an unauthenticated attacker to mask their original source IP address. This may enable an attacke...
Apache Traffic Server Input Validation Error Vulnerability (CNVD-2024-35169)
Apache Traffic Server ATS is the United States Apache Apache Foundation's set of scalable HTTP proxy and caching server. Apache Traffic Server suffers from an input validation error vulnerability that stems from accepting characters that are not allowed by the HTTP field name and forwarding a...
httpd: NULL pointer dereference in mod_proxy
A flaw was found in the modproxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service...
CVE-2024-28249 Cilium has possible unencrypted traffic between nodes when using IPsec and L7 policies
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sen...
CVE-2022-34321
Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...
PT-2024-2610 · Apache · Apache Pulsar
Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.6.0 through 2.10.5 Apache Pulsar versions 2.11.0 through 2.11.2 Apache Pulsar versions 3.0.0 through 3.0.1 Apache Pulsar version 3.1.0 Description: The issue is related to an improper authentication vulnerability in t...
PT-2024-2415 · Artica · Artica Proxy
Name of the Vulnerable Software and Affected Versions: Artica-Proxy affected versions not specified Description: The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. ...
Trend Micro uiAirSupport Security Vulnerability
Trend Micro uiAirSupport is a Trend Micro support tool for Trend Micro customers who subscribe to our Premium Services. A security vulnerability exists in Trend Micro uiAirSupport 6.0.2092 and prior versions, which stems from vulnerability to a DLL hijacking/proxy vulnerability that could be...
CVE-2024-0308 Inis Proxy.php server-side request forgery
A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument purl leads to server-side request forgery. The attack may be initiated remotely. The exploit...
CVE-2023-49782 Cross-Site-Scripting vulnerability in error message passing in richdocumentscode
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server richdocumentscode release 23.5.601...
CVE-2023-48314 Unescaped passing of the request URL in Collabora Online
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server richdocumentscode...