Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, the Envoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION fram ...
April 09, 2024
amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash. ( ...
April 09, 2024
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when an authenticated request is made to POST /store-a ...
April 09, 2024
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible t ...
April 09, 2024
github.com/hashicorp/nomad is vulnerable to Improper Authorization. The vulnerability is due to a lack of proper access controls in the search HTTP API, allowing unauthenticated users or users without ...
April 09, 2024
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed UR ...
April 09, 2024
dectalk-tts is vulnerable to Cleartext Transmission of Sensitive Information ('Man-in-the-Middle'). The vulnerability is due to unencrypted HTTP traffic being sent to a third-party API. This ...
April 09, 2024
github.com/AlexxIT/go2rtc is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the /api/config endpoint which lacks validation for user-supplied input, allowing an attacker ...
April 09, 2024