oracle communications cloud native core network function cloud native environment 1.4.0 vulnerabilities and exploits

(subscribe to this query)

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. ...

Agendaless Waitress Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0 Debian Debian Linux 9.0

mixin-deep is vulnerable to Prototype Pollution in versions prior to 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Mixin-deep Project Mixin-deep Mixin-deep Project Mixin-deep 2.0.0 Fedoraproject Fedora 30 Fedoraproject Fedora 31 Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.4.0

1 Github repository

A vulnerability in unit_deserialize of systemd allows an malicious user to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd...

Debian Debian Linux 8.0 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 18.10 Canonical Ubuntu Linux 16.04 Systemd Project Systemd Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.4.0

1 EDB exploit1 Github repository

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separ...

Agendaless Waitress Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0 Debian Debian Linux 9.0 Fedoraproject Fedora 30 Fedoraproject Fedora 31 Redhat Openstack 15

Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.&quo...

Agendaless Waitress Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0 Debian Debian Linux 9.0 Fedoraproject Fedora 30 Fedoraproject Fedora 31 Redhat Openstack 15

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests contain...

Agendaless Waitress Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0 Debian Debian Linux 9.0 Fedoraproject Fedora 30 Fedoraproject Fedora 31 Redhat Openstack 15

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

Nodejs Node.js Oracle Graalvm 20.0.0 Oracle Graalvm 19.3.1 Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.4.0 Debian Debian Linux 10.0 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux Eus 8.1 Opensuse Leap 15.1

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook