GHSA-5RRX-JJJQ-Q2R5 Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability

Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also...

CVE-2025-55315

Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...

CVE-2025-55315

Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple vulnerabilities in Netty (CVE-2025-58056, CVE-2025-58057)

Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the agent-server-relay communication system and is affected by CVE-2025-58056, CVE-2025-58057. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framewo...

PT-2025-42010

Name of the Vulnerable Software and Affected Versions: ASP.NET Core versions 3.0 through 7.0, and Kestrel ≤ 2.3.0 Description: This vulnerability CVE-2025-55315 is a critical HTTP request smuggling flaw in ASP.NET Core's Kestrel web server. It arises from inconsistent interpretation of HTTP...

CVE-2025-11550

A vulnerability was found in Tenda W12 3.0.0.63948. The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from...

EUVD-2025-33411

A vulnerability was found in Tenda W12 3.0.0.63948. The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from...

EUVD-2025-33407

A vulnerability has been found in Tenda W12 3.0.0.63948. The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out...

CVE-2025-11550

A vulnerability was found in Tenda W12 3.0.0.63948. The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from...

CVE-2025-11549

A vulnerability has been found in Tenda W12 3.0.0.63948. The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out...

CVE-2025-11549

CVE-2025-11549 affects Tenda W12 firmware v3.0.0.6(3948). The vulnerability is in the HTTP Request Handler’s wifiMacFilterSet function (file /goform/modules); the mac argument can be manipulated to cause a stack-based buffer overflow. The issue can be exploited remotely, and public proof-of-conce...

CVE-2025-11418

A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The manipulation of the argument mitssidindex leads to stack-based buffer overflow. The attack may be...

AlmaLinux 10 : podman (ALSA-2025:9146)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:9146 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly fr...

AlmaLinux 10 : opentelemetry-collector (ALSA-2025:12850)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:12850 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly...

AlmaLinux 10 : git-lfs (ALSA-2025:9063)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:9063 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly fr...

CVE-2025-11444 TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launc...

CVE-2025-11418 Tenda CH22 HTTP Request AdvSetWrlsafeset formWrlsafeset stack-based overflow

A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The manipulation of the argument mitssidindex leads to stack-based buffer overflow. The attack may be...

Security update for rubygem-puma

This update for rubygem-puma fixes the following issues: Update to version 5.6.9. CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which can lead to information leaks bsc1230848, fixed in an earlier update. CVE-2024-21647: unbounded resource consumpti...

EUVD-2000-0712

Malware in sbrugna...

EUVD-2002-1802

Malware in sbrugna...