Ubuntu Security Notice 6770-1 - USN-6729-1 fixed vulnerabilities in Apache HTTP Server. The update lead to the discovery of a regression in Fossil with regards to the handling of POST requests that do not have a Content-Length field set. This update fixes the problem.
a4fb9bd60541be12414572b8883d63af81dffb2f970ccd3933000f3825d55d7b
Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive reverse shell connections.
f54e108c3e072e69c000f9759d386e86aae92493e17fbe4348a5bdd7b5278328
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.
05d3932a1affb0ab7987664677134709982ca3837a0b0f0e16f9aeb391933341
Debian Linux Security Advisory 5684-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Kacper Kwapisz discovered that visiting a malicious website may lead to address bar spoofing. Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. SungKwon Lee discovered that processing web content may lead to a denial-of-service. Various other issues were also addressed.
6e9bc12028378c36947c0cc1d5a1b5f2cd1a6e3c69e4d33ee6a4c62e19d93ae3
Ubuntu Security Notice 6754-2 - USN-6754-1 fixed vulnerabilities in nghttp2. This update provides the corresponding update for Ubuntu 24.04 LTS. It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
a626406c69b2c3819d9892a59563e91ef3909ded6eee46f3085c5cbec0e0e54b
iboss Secure Web Gateway versions prior to 10.2.0 suffer from a persistent cross site scripting vulnerability.
50b166bd6a6b50ebc0b7770cf33221a56eafab69e5b4987b101fcd6a8a6d1e49
Red Hat Security Advisory 2024-2780-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP request smuggling, denial of service, and out of bounds read vulnerabilities.
14f40c5146795f41931c2250cbd7a2bf41dafc4d1ce15c66336cdff7aef2959c
Red Hat Security Advisory 2024-2779-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP request smuggling, denial of service, and out of bounds read vulnerabilities.
dbce3e1febe8e44ee36a0aac3ae58470f3ffd077739447c2c363902460f6bcb0
Red Hat Security Advisory 2024-2778-03 - An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP request smuggling, denial of service, and out of bounds read vulnerabilities.
39ab57f4ed248dcd1adf7e509d5372cf1f6c03922cd1774f9d2d751b8f36c646
Red Hat Security Advisory 2024-2694-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 4 is now available. Issues addressed include bypass and denial of service vulnerabilities.
1a8fc0654837f47643290effdd73ec0110c0ee38a996b1a00d2acff00502d7bb
Red Hat Security Advisory 2024-2693-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 4 is now available. Issues addressed include bypass and denial of service vulnerabilities.
88999fc9de0ab7e3e4ffd95629c1e274fce376b6f0a5eda1aa0edd11eefd7dd8
Red Hat Security Advisory 2024-1917-03 - Red Hat JBoss Web Server 6.0.2 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include a denial of service vulnerability.
b16a67be50e88c284ee9b0e3d0795fb20c1d6a1a252ec4bbe88fdd7fc84cf1f1
Red Hat Security Advisory 2024-1916-03 - An update is now available for Red Hat JBoss Web Server 6.0.2 on Red Hat Enterprise Linux versions 8 and 9. Issues addressed include a denial of service vulnerability.
05f53733516862c85fd92b166b56af6c0817c3a97ac1b73197879b7cb93b895c
Red Hat Security Advisory 2024-1914-03 - Red Hat JBoss Web Server 5.8.0 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Issues addressed include a denial of service vulnerability.
4996fa86ede59d4a4fe79a2dcb7f28627b2a83c7f6268f4d5751c435113aa535
Red Hat Security Advisory 2024-1913-03 - An update is now available for Red Hat JBoss Web Server 5.8 on Red Hat Enterprise Linux versions 7, 8, and 9. Issues addressed include a denial of service vulnerability.
692c74a3ef51407eaec041f0e3270324f6491c37ddbdb0046736cf664d69b91c
Ubuntu Security Notice 6747-2 - USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory during JIT optimizations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Nan Wang discovered that Firefox did not properly manage memory during WASM garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
7c2c9d128db1252739be1d7a0b93beb403f7c031e510470fefa2f2f7a74db59d
Ubuntu Security Notice 6718-3 - USN-6718-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 24.04 LTS. Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.
ade4e33456f4d06c99e18ff976f56f75797e1d3f0b86ecd687782229e52eb969
Ubuntu Security Notice 6729-3 - USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service.
64bc41b5243d484a6b2e16655cb72ea9b8aa3a19737b46627dbb01cfa4e8fb4e
Ubuntu Security Notice 6754-1 - It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
5cf8f575ba3f618cd1a7ba459257c95bf26180fa995bf1e705ddd3bb811a5c3e
Ubuntu Security Notice 6750-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Bartek Nowotarski discovered that Thunderbird did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service.
754d51ac65b5ef2eda4da9a5a3c295a24f0e2be8f571d9de933977d88d6415b9
Ubuntu Security Notice 6747-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service.
fe5132fb8a5bc8bcd0558902c71cf2276c28f6168b4d2cd89f4e001ddfd7106d
Red Hat Security Advisory 2024-2010-03 - An update is now available for Red Hat Satellite 6.15. The release contains a new version of Satellite and important security fixes for various components. Issues addressed include HTTP request smuggling, crlf injection, denial of service, file disclosure, and traversal vulnerabilities.
4361cf87dbd336525d20fca633c0c9b438f10aa89ce73154b09d47d3085827a8
A remote code execution vulnerability in Gambio online webshop versions 4.9.2.0 and below allows remote attackers to run arbitrary commands via an unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an attacker to execute remote code on affected systems. The insecure deserialization vulnerability in Gambio poses a significant risk to affected systems. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.
b039dd6352f7639972110e6885da153c2438aa56b1f4c40dc395f737607363b4
Debian Linux Security Advisory 5664-1 - Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service.
f811fdb59918d1ff6c0f69e7c41be61c5a9681f083aca6ccdb106ccc1fb89b43
Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.
48e8f6ab38e454ffe37a65ae74aa96cb5b3942a28276a0cc0f3a974d4716ae83