Lucene search

16591 matches found

Talos
added 2025/01/14 12:0 a.m. · 22 views

Wavlink AC3000 wireless.cgi AddMac() buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2043 Wavlink AC3000 wireless.cgi AddMac buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39757 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A...

9.1 CVSS · 7.8 AI score · 0.02362 EPSS
Exploits: 1

Talos
added 2025/01/14 12:0 a.m. · 12 views

Wavlink AC3000 adm.cgi rep_as_bridge() buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2025 Wavlink AC3000 adm.cgi rep_as_bridge buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-37184 SUMMARY A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted...

9.1 CVSS · 7.8 AI score · 0.01265 EPSS
Exploits: 1

Talos
added 2025/01/14 12:0 a.m. · 21 views

Wavlink AC3000 wireless.cgi SetName() buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2039 Wavlink AC3000 wireless.cgi SetName buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39357 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName functionality of Wavlink AC3000 M33A8.V5030.210505. A...

9.1 CVSS · 7.8 AI score · 0.02362 EPSS
Exploits: 1

Talos
added 2025/01/14 12:0 a.m. · 11 views

Wavlink AC3000 wireless.cgi DeleteMac() buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2040 Wavlink AC3000 wireless.cgi DeleteMac buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39359 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac functionality of Wavlink AC3000 M33A8.V5030.210505. A...

9.1 CVSS · 8 AI score · 0.02362 EPSS
Exploits: 1

Talos
added 2025/01/14 12:0 a.m. · 35 views

Wavlink AC3000 internet.cgi set_add_routing() command injection vulnerabilities

Talos Vulnerability Report TALOS-2024-2020 Wavlink AC3000 internet.cgi set_add_routing command injection vulnerabilities January 14, 2025 CVE Number CVE-2024-39764, CVE-2024-39765, CVE-2024-39763, CVE-2024-39762 SUMMARY Multiple OS command injection vulnerabilities exist in the internet.cgi...

9.1 CVSS · 9.9 AI score · 0.05876 EPSS
Exploits: 4

Talos
added 2025/01/14 12:0 a.m. · 18 views

Wavlink AC3000 nas.cgi add_dir() Directory Traversal Vulnerabilities

Talos Vulnerability Report TALOS-2024-2057 Wavlink AC3000 nas.cgi add_dir Directory Traversal Vulnerabilities January 14, 2025 CVE Number CVE-2024-39786, CVE-2024-39787 SUMMARY Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir functionality of Wavlink AC3000 M33A8.V5030.21050...

9.1 CVSS · 7.3 AI score · 0.0243 EPSS
Exploits: 2

Talos
added 2025/01/14 12:0 a.m. · 20 views

Wavlink AC3000 nas.cgi set_nas() samba Configuration Control Vulnerability

Talos Vulnerability Report TALOS-2024-2052 Wavlink AC3000 nas.cgi set_nas samba Configuration Control Vulnerability January 14, 2025 CVE Number CVE-2024-39602 SUMMARY An external config control vulnerability exists in the nas.cgi set_nas functionality of Wavlink AC3000 M33A8.V5030.210505. A special...

9.1 CVSS · 7.6 AI score · 0.02272 EPSS
Exploits: 1

Rosalinux
added 2025/01/13 10:19 a.m. · 8 views

Advisory ROSA-SA-2025-2562

Software: xerces-c 3.1.1 OS: rosa-server79 packageevrstring: xerces-c-3.1.1-10.0.1.res7 CVE-ID: CVE-2023-37536 BDU-ID: 2023-06960 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Xerces C++ library of the BigFix Platform IT Collaborative Management Platform is caused by an integer overflow...

8.8 CVSS · 7.6 AI score · 0.01381 EPSS
Exploits: 0

Rosalinux
added 2025/01/13 10:19 a.m. · 5 views

Advisory ROSA-SA-2025-2558

Software: libsoup 2.62.2 OS: rosa-server79 packageevrstring: libsoup-2.62.2-2.0.1.res7 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in GNOME libsoup allows HTTP request smuggling attack due to ignoring '\0' characters at the end of header names. CVE-STATUS: The...

7.5 CVSS · 6.8 AI score · 0.00793 EPSS
Exploits: 1

Tenable Nessus
added 2025/01/13 12:0 a.m. · 14 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1031)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header an...

8.7 CVSS · 7.6 AI score · 0.01429 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2025/01/13 12:0 a.m. · 21 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1014)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header an...

8.7 CVSS · 7.6 AI score · 0.01429 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2025/01/13 12:0 a.m. · 9 views

EulerOS 2.0 SP10 : libsoup (EulerOS-SA-2025-1008)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored,...

8.4 CVSS · 7.3 AI score · 0.00933 EPSS
Exploits: 2 · References: 4

Tenable Nessus
added 2025/01/13 12:0 a.m. · 25 views

EulerOS 2.0 SP10 : libsoup (EulerOS-SA-2025-1025)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored,...

8.4 CVSS · 7.3 AI score · 0.00933 EPSS
Exploits: 2 · References: 4

Positive Technologies
added 2025/01/09 12:0 a.m. · 6 views

PT-2025-1260 · Tenda · Tenda Ac10 +2

Name of the Vulnerable Software and Affected Versions: Tenda AC8 versions 16.03.10.20 Tenda AC10 versions 16.03.10.20 Tenda AC18 versions 16.03.10.20 Description: A critical issue has been found in the HTTP Request Handler component of the affected devices, specifically in the /goform/telnet file...

8.6 CVSS · 7.5 AI score · 0.05813 EPSS
Exploits: 1 · References: 10

Tenable Nessus
added 2025/01/09 12:0 a.m. · 26 views

Amazon Linux 2023 : haproxy (ALAS2023-2025-791)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-791 advisory. Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL...

5.3 CVSS · 5.7 AI score · 0.01043 EPSS
Exploits: 0 · References: 4

OpenVAS
added 2025/01/06 12:0 a.m. · 96 views

Dahua Devices Information Disclosure Vulnerability (Jan 2025) - Active Check

Multiple Dahua devices and their OEMs are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE...

5.3 CVSS · 5.2 AI score · 0.01435 EPSS
Exploits: 0 · References: 1

OpenVAS
added 2025/01/02 12:0 a.m. · 25 views

Amcrest Technologies IP Camera Information Disclosure Vulnerability (Dec 2024) - Active Check

Multiple Amcrest Technologies IP Cameras are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

6.9 CVSS · 6.1 AI score · 0.00581 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/01 12:0 a.m. · 2 views

PT-2025-23333

Name of the Vulnerable Software and Affected Versions: Tomcat versions affected versions not specified FortiCup Administrative Interface affected versions not specified Description: The issue is related to a Denial of Service (DoS) condition that can be triggered by a specially crafted HTTP request,...

9.8 CVSS · 5.9 AI score · 0.45854 EPSS
Exploits: 7 · References: 109

OSV
added 2024/12/31 11:15 a.m. · 2 views

CVE-2024-12105

In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure...

6.5 CVSS · 5.8 AI score
Exploits: 0 · References: 2

NVD
added 2024/12/31 11:15 a.m. · 30 views

CVE-2024-12105

In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure...

6.5 CVSS · 0.42369 EPSS
Exploits: 0 · References: 2