[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 8472 Download | Alert*

The host is installed with Elasticsearch 7.x before 7.17.19 or 8.x before 8.13.0 and is prone to an uncontrolled Resource Consumption vulnerability. A flaw is present in the application, which fails to properly handle processing of document in a deeply nested pipeline on an ingest node. Successful exploitation could cause the Elasticsearch node to crash.

util-linux: miscellaneous system utilities util-linux could be made to expose sensitive information.

util-linux: miscellaneous system utilities Details: USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was discovered that the fix did not fully address the issue. This update removes the setgid permission bit from the wall and write utilities. Original advisory util-linux could be made to expose sensitive information.

Skyler Ferrante discovered that the wall tool from util-linux does not properly handle escape sequences from command line arguments. A local attacker can take advantage of this flaw for information disclosure. With this update wall and write are not anymore installed with setgid tty.

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.This issue affects Apache HTTP Server: through 2.4.58. HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.Users are recommende ...

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.This issue affects Apache HTTP Server: through 2.4.58. HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.Users are recommende ...

Node.js is a platform built on Chromes JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed devices.}

Oracle Solaris 11 - ( CVE-2024-27982 )

This update for nodejs16 fixes the following issues: * CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session that could lead to HTTP/2 server crash * CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation

This update for nodejs16 fixes the following issues: * CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session that could lead to HTTP/2 server crash * CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation


Pages:      Start    807    808    809    810    811    812    813    814    815    816    817    818    819    820    ..   847

© SecPod Technologies