276 matches found
SUSE-SU-2024:0765-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type parsing bsc1220239. - CVE-2024-26141: Fixed a denial-of-service vulnerability in Range request header parsing bsc1220242. - CVE-2024-26146: Fixed a...
openSUSE: Security Advisory for squid (SUSE-SU-2023:4544-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-23839
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.requestheader or http.responseheader keyword. The vulnerability has been...
CVE-2024-23839 Suricata http: heap use after free with http.request_header and http.response_header keywords
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.requestheader or http.responseheader keyword. The vulnerability has been...
Security Bulletin: Multiple urllib vulnerabilities may affect IBM Storage Scale (CVE-2023-43804)
Summary Multiple vulnerabilities in urllib repo, used by the IBM Storage Scale call home feature, which could allow a remote authenticated attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2023-45803 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtai...
CVE-2023-51982
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-urllib3) security update
An update for python-urllib3 is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Ivanti Avalanche SecureFilter Content-Type Authentication Bypass Vulnerability
This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecureFilter class. The issue results from improper handling of the...
Moderate: Red Hat Security Advisory: fence-agents security update
An update for fence-agents is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Moderate: Red Hat Security Advisory: python-urllib3 security update
An update for python-urllib3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Moderate: python-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: Cookie request header isn't stripped during cross-origin redirects CVE-2023-43804 urllib3: Request body not stripped after redirect from 303 status changes...
fence-agents security update
4.10.0-55.2 - python-certifi: Removal of e-Tugra root certificate CVE-2023-37920 - python-urllib3: Cookie request header isn't stripped during cross-origin redirects CVE-2023-43804...
Moderate: Red Hat Security Advisory: fence-agents security update
An update for fence-agents is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
ALSA-2023:7753 Moderate: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: python-certifi: Removal of e-Tugra root certificate CVE-2023-37920...
CRLF Injection
aiohttp is vulnerable to CRLF Injection attack. The vulnerability arises due to improper HTTP version validation in aiohttp/clientreqrep.py. An attacker can preform CRLF injection if they have the ability to modify the HTTP version in the request header...
SUSE: Security Advisory (SUSE-SU-2023:4545-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: fence-agents security update
An update for fence-agents is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
The vulnerability of Firefox browser, related to insufficient protection of service data, allows attackers to gain unauthorized access to protected information.
The vulnerability of Firefox browsers is related to insufficient protection of service data during the processing of the Vary response header for comparing request headers. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by sending iterativ...
libhv Injection Vulnerability
libhv is ithewei open source an easier to use than libevent/libuv/asio network library . libhv injection vulnerability , the vulnerability stems from when the use of untrusted user input to set the request header , vulnerable to CRLF injection attacks...
Wp2Fac - OS Command Injection
Exploit Title: Wp2Fac v1.0 - OS Command Injection Date: 2023-08-27 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent':...