Design/Logic Flaw
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
CVE-2022-21698
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
GHSA-VX57-7F4Q-FPC7 Arbitrary redirects under /new endpoint
Impact: In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirect to any other URL, in the /new endpoint. If a user visits a...
CVE-2022-21698 Uncontrolled Resource Consumption in promhttp
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
CVE-2022-21698
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
CVE-2022-21698 Uncontrolled Resource Consumption in promhttp
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
CVE-2022-21698
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
CVE-2021-43848
h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...
CVE-2021-43848
h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...
Design/Logic Flaw
h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...
UBUNTU-CVE-2021-43848
h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...
CVE-2021-43848
CVE-2021-43848 concerns h2o, an open source HTTP server. Affects HTTP/3 support where, from commits 93af138 to d1f0f65, h2o may access uninitialized memory when processing QUIC frames, potentially treating such memory as HTTP/3 frames. In reverse proxy scenarios, an attacker could cause h2o to le...
CVE-2021-43848
h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...
Rathole - A Lightweight, Stable And High-Performance Reverse Proxy For NAT Traversal, Written In Rust. An Alternative To Frp And Ngrok
A secure, stable and high-performance reverse proxy for NAT traversal, written in Rust. rathole, like frp and ngrok, can help to expose the service on the device behind the NAT to the Internet, via a server with a public IP. Features: High Performance: Much higher throughput can be achieved than frp...
h2o Security Vulnerability
h2o is a new generation of HTTP server. Not only is it very fast compared to older generation HTTP servers, but it also provides faster responses to end users. A security vulnerability exists in h2o, which stems from the fact that when QUIC frames are received in a particular order, h2o's HTTP/3...
CLSA-2021-1640697114 Fix CVE(s): CVE-2021-44224, CVE-2021-44970
SECURITY UPDATE: buffer overflow in the mod_lua multipart parser - debian/patches/CVE-2021-44970.patch: add test to prevent integer overflow in req_parsebody - CVE-2021-44970. SECURITY UPDATE: null pointer dereference in reverse proxy module - debian/patches/CVE-2021-44224.patch: add tests for retur...
OESA-2021-1470 grafana security update
Metrics dashboard and graph editor. Security Fixes: Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope,...
Apache 2.4.x >= 2.4.7 / < 2.4.52 Forward Proxy DoS / SSRF
The version of Apache httpd installed on the remote host is equal to or greater than 2.4.7 and prior to 2.4.52. It is, therefore, affected by a flaw related to acting as a forward proxy. A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer...
Exploit for Path Traversal in Grafana
Grafana CVE Scan 21-43798 0.1 Scanner for Grafana Path Tr...
CVE-2021-44224
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery...