1826 matches found

Code423n4 (added 2022/08/07 12:00 a.m.)

Delegate call can manipulate minGasReserve and the _permissions mapping.

Lines of code / Vulnerability details / Impact: When the proxy delegatecalls the target contract, the target contract's code runs in the proxy's storage. This means the target code has access to all of the proxy's storage, including internal mappings. As a result, the target contract's code can manipulate...

AI score 6.9 | Exploits 0
Github Security Blog (added 2022/08/06 5:20 a.m.)

Rust-WebSocket memory allocation based on untrusted length

Impact: Untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is in dataframe parsing: affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

CVSS 7.5 | AI score 7.2 | EPSS 0.01412 | Exploits 0 | References 7 | Affected software 1
Tenable Nessus (added 2022/08/05 12:00 a.m.)

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : mod-wsgi vulnerability (USN-5551-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5551-1 advisory. It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote...

CVSS 7.5 | AI score 7.3 | EPSS 0.00461 | Exploits 1 | References 2
Ubuntu (added 2022/08/04 4:17 p.m.)

USN-5551-1: mod-wsgi vulnerability

It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations...

CVSS 7.5 | AI score 7.2 | EPSS 0.00461 | Exploits 1
Cvelist (added 2022/08/01 4:15 p.m.)

CVE-2022-31109 HTTP Host Header Attack Vulnerability in laminas-diactoros

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

CVSS 7.2 | AI score 6.9 | EPSS 0.00383 | Exploits 0 | References 3
OSV (added 2022/08/01 12:00 a.m.)

ASB-A-219498290

In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 | AI score 5.6 | EPSS 0.00044 | Exploits 0 | References 3
OpenVAS (added 2022/07/31 12:00 a.m.)

Fedora: Security Advisory for golang-github-grpc-ecosystem-gateway-2 (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5 | Exploits 0 | References 2
NVD (added 2022/07/30 12:15 a.m.)

CVE-2022-33158

Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system...

CVSS 7.8 | EPSS 0.00105 | Exploits 0 | References 2
Packet Storm (added 2022/07/29 12:00 a.m.)

Crime Reporting System 1.0 Cross Site Scripting

Exploit Title: Crime reporting system - Stored cross-site scripting (XSS) | Date: 29/07/2022 | Exploit Author: Eslam Reda | Vendor Homepage: https://sourcecodehero.com/crime-reporting-system-project-in-php-with-source-code/ | Software Link:...

AI score 7.4 | Exploits 0
FreeBSD (added 2022/07/29 12:00 a.m.)

py-Scrapy -- credentials leak vulnerability

When the built-in HTTP proxy downloader middleware processes a request with proxy metadata, and that proxy metadata includes proxy credentials, the built-in HTTP proxy downloader middleware sets the Proxy-Authentication header, but only if that header is not already set. There are third-party...

AI score 6.9 | Exploits 0 | References 1
OpenVAS (added 2022/07/18 12:00 a.m.)

Fedora: Security Advisory for golang-github-grpc-ecosystem-gateway-2 (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.3 | AI score 8.9 | EPSS 0.00963 | Exploits 4 | References 2
Fedora (added 2022/07/17 1:15 a.m.)

[SECURITY] Fedora 35 Update: golang-github-grpc-ecosystem-gateway-2-2.7.3-4.fc35

gRPC to JSON proxy generator following the gRPC HTTP spec...

CVSS 9.3 | AI score 0.1 | EPSS 0.00963 | Exploits 4
OSV (added 2022/07/15 11:29 p.m.)

GO-2022-0322 Uncontrolled resource consumption in github.com/prometheus/client_golang

The Prometheus client_golang HTTP server is vulnerable to a denial of service attack when handling requests with non-standard HTTP methods. In order to be affected, the instrumented software must use any of the promhttp.InstrumentHandler middleware except RequestsInFlight; not filter any specific...

CVSS 7.5 | AI score 9.4 | EPSS 0.01159 | Exploits 1 | References 1
Debian CVE (added 2022/07/14 2:51 p.m.)

CVE-2022-32210

Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via...

CVSS 6.5 | AI score 6.4 | EPSS 0.00127 | Exploits 1
Debian CVE (added 2022/07/07 8:45 p.m.)

CVE-2022-2047

In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario...

CVSS 4 | AI score 5.7 | EPSS 0.00401 | Exploits 0
Prion (added 2022/07/07 4:15 p.m.)

Design/Logic Flaw

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web...

CVSS 6.4 | AI score 9 | EPSS 0.00274 | Exploits 0 | References 1 | Affected software 2
OSV (added 2022/07/07 12:00 a.m.)

ALSA-2022:5526 Important: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security fixes: squid: DoS when processing gopher server responses (CVE-2021-46784). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

CVSS 6.5 | AI score 6.9 | EPSS 0.16362 | Exploits 0 | References 4
Fedora (added 2022/07/06 1:38 a.m.)

[SECURITY] Fedora 36 Update: squid-5.6-1.fc36

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...

CVSS 6.5 | AI score 7 | EPSS 0.16362 | Exploits 0
OpenVAS (added 2022/07/06 12:00 a.m.)

Fedora: Security Advisory for golang-github-grpc-ecosystem-gateway-2 (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.3 | AI score 8.9 | EPSS 0.00963 | Exploits 4 | References 2
Debian (added 2022/06/27 6:45 p.m.)

[SECURITY] [DSA 5171-1] squid security update

Debian Security Advisory DSA-5171-1 | https://www.debian.org/security/ | Moritz Muehlenhoff | June 27, 2022 | https://www.debian.org/security/faq ...

CVSS 6.5 | AI score 7.1 | EPSS 0.16362 | Exploits 0