5 matches found
CVE-2023-38697
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
protocol-http1 HTTP Request/Response Smuggling vulnerability
Impact RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension detailed ABNF is in Appendix section. In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data...
protocol-http1 HTTP Request/Response Smuggling vulnerability
Impact RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension detailed ABNF is in Appendix section. In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data...
CVE-2022-36110 Netmaker vulnerable to Insufficient Granularity of Access Control
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions...
UPDATE: Sysdig Falco v0.15.1
PenTestIT RSS Feed Three days ago, an updated version – Sysdig Falco v0.15.1 – was released. It has been some time since I last blogged about this open source behavorial activity monitor which has container support. This release remediates integration issues with Anchore by updating urllib3 and...