229 matches found
Device Posture Portal page error "CheckAgain" or "Download EPA client" | Status code 307
End users encounter issues at the Device Posture Portal when attempting to log into the Workspace URL. They are prompted to "Check Again" or "Download EPA client," despite already having the client installed on their device. Checking endpoint logs, we see the following error: The Windows client...
Unexpected Status Code or Return Value
Overview Affected versions of this package are vulnerable to Unexpected Status Code or Return Value in initConn, which causes out of order responses when CLIENT SETINFO times out while establishing a connection. Workaround This vulnerability can be avoided by setting DisableIndentity to true when...
`gh attestation verify` returns incorrect exit code during verification if no attestations are present
Summary A bug in GitHub's Artifact Attestation CLI tool, gh attestation verify, may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact...
CVE-2024-57778
An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200...
Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server
HTTP Request Smuggling Detection Tool This repository contain...
PT-2024-9326 · Microsoft · Windows Hyper-V +1
Name of the Vulnerable Software and Affected Versions: Windows Hyper-V affected versions not specified Description: The issue is related to a remote code execution problem in the Windows Hyper-V system, which is associated with the return of an incorrect status code. This can allow an attacker to...
VDA Installer Only Displays Splash Screen then Closes
When installing the workstation VDA, the Installer Splash Screen appears for a second then disappears. Nothing is logged in the installer logs There are no crashes reported in the eventlogs DebugView shows the installer exits with status Code: 1 Using the Citrix VDA Cleanup Utility Tool does not...
CVE-2024-45810
A flaw was found in Envoy. Envoy will crash when the http async client is handling sendLocalReply under some circumstances, such as websocket upgrade and requests mirroring. The http async client will crash during the sendLocalReply in http async client if the http async client is duplicating the...
CVE-2024-45810
CVE-2024-45810 affects Envoy. The vulnerability is a crash in the HTTP async client when handling sendLocalReply under certain conditions (e.g., websocket upgrade or request mirroring). Root causes described include duplicate status code handling and destructor-order issues in the async stream, l...
CVE-2024-45810 Envoy crashes for LocalReply in http async client
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling sendLocalReply under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the sendLocalReply in http async client, one...
Zephyr 安全漏洞
Zephyr is an extensible real-time operating system RTOS open-sourced by Zephyr. A security vulnerability exists in Zephyr version 3.6 and prior versions that stems from an issue in the encryption process that could allow a customized remote controller to trigger the vulnerability by using a statu...
CVE-2024-3677 Ultimate 410 Gone Status Code <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ultimate 410 Gone Status Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 410 entries in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...
WordPress Ultimate 410 Gone Status Code Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate 410 Gone Status Code Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3677 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e6494963676 Credits Krzysztof...
ALPINE-CVE-2024-27316
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...
BIT-APACHE-2021-31618 NULL pointer dereference on specially crafted HTTP/2 request
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating...
Insertion Of Sensitive Information Into Log File
github.com/elastic/beats is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is caused due to logging the raw event object in the WARN and ERROR level if the ingesting failed with any 4XX HTTP status code except 409 or 209. This can lead to insertion of sensitive ...
GHSA-93P6-9CXV-5RPQ juzawebCMS Incorrect Access Control vulnerability
juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...
CVE-2023-46906
juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...
CVE-2023-46906
juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...
Improper access control
juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...