Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. A malicious client can cause an error against the destination's size limit, which would incorrectly be attributed to the destination rather than the client. This could allow an attacker to send large amounts of da...

CVE-2023-33141

Yet Another Reverse Proxy YARP Denial of Service Vulnerability...

CVE-2023-33141

Yet Another Reverse Proxy YARP Denial of Service Vulnerability...

CVE-2023-33141

Yet Another Reverse Proxy YARP Denial of Service Vulnerability...

CVE-2023-33141

Summary: CVE-2023-33141 is a Denial of Service vulnerability in Yet Another Reverse Proxy (YARP). The OSV entry confirms a DoS impact exists in YARP and provides remediation: upgrade to Yarp.ReverseProxy 2.0.1 (and Telemetry.Consumption 2.0.1) to mitigate. The CVE entry lists CVSSv3.1 base score ...

Debian: Security Advisory (DSA-5435-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

spring-boot: Spring Boot Welcome Page DoS Vulnerability

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...

spring-boot: Spring Boot Welcome Page DoS Vulnerability

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...

Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability

...

PT-2023-3138 · Microsoft · Yet Another Reverse Proxy

Name of the Vulnerable Software and Affected Versions: Yet Another Reverse Proxy YARP affected versions not specified Description: The issue is related to insufficient input validation in Yet Another Reverse Proxy YARP, which can be exploited by a remote attacker to cause a denial of service...

Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants

Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle AitM phishing and business email compromise BEC attack, Microsoft has revealed. "The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and...

Improper Certificate Validation

org.keycloak:keycloak-services is vulnerable to Improper Certificate Validation. The flaw relies on enabling Revalidate Client Certificate and not validating the reverse proxy before Keycloak. An attacker is able to choose the server-validated certificate, resulting in authentication bypass...

CVE-2023-33977

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

Cross site scripting

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

CVE-2023-33977

Kiwi TCMS is affected by CVE-2023-33977 (stored XSS via unrestricted file upload) in versions prior to 12.4. The root cause is incomplete upload validation that can permit uploading potentially dangerous files, enabling arbitrary JavaScript execution in the browser. An additional issue involves N...

CVE-2023-33977 Stored cross site scripting (XSS) via unrestricted file upload in Kiwi TCMS

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

CVE-2023-33977 Stored cross site scripting (XSS) via unrestricted file upload in Kiwi TCMS

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

GHSA-2FQM-M4R2-FH98 kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload

Impact Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded and Content-Security-Policy definition to prevent cross-site-scripting attacks. Th...

PT-2023-8827 · Nginx +1 · Nginx +1

Name of the Vulnerable Software and Affected Versions: Kiwi TCMS versions prior to 12.4 Description: The issue is related to the lack of protection of the web page structure in Kiwi TCMS, allowing a remote attacker to upload arbitrary attachments to test plans and test cases. Earlier versions of...

CVE-2023-33193 Emby Server Proxy Header Spoofing Vulnerability

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...