16591 matches found
CVE-2024-12989
A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was...
CVE-2024-12989 WISI Tangram GT31 HTTP Request server-side request forgery
A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was...
CVE-2024-12989
CVE-2024-12989 concerns WISI Tangram GT31. The vulnerability affects an unknown function within the device’s HTTP Request Handler, enabling server-side request forgery (SSRF). Reports across multiple sources (Red Hat, PT-Security, CNNVD, NVD/CVELIST) indicate the issue can be exploited remotely a...
CVE-2024-12989 WISI Tangram GT31 HTTP Request server-side request forgery
A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was...
PT-2024-17851 · Wisi · Wisi Tangram Gt31
Name of the Vulnerable Software and Affected Versions: WISI Tangram GT31 versions up to 20241214 Description: A server-side request forgery issue affects an unknown functionality of the component HTTP Request Handler. This issue can be exploited remotely. The vendor was contacted about this...
Amazon Linux 2 : libsoup (ALAS-2024-2705)
The version of libsoup installed on the remote host is prior to 2.56.0-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2705 advisory. GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of...
Amazon Linux 2 : ruby (ALAS-2024-2706)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2706 advisory. An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a...
openSUSE Security Advisory (SUSE-SU-2024:4390-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GoCast OS Command Injection vulnerability
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-12840
Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. The problem described was inteded behavior and therefore not a bug...
CVE-2024-12840
A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /httpproxies/testconnection, when supplied with the httpproxies variable set to localhost, the attacker can fetch the localhost banner. Mitigation Mitigation for this issue is either not available or the current...
SUSE-SU-2024:4390-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2024-53008: Fixed HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 Other fixes: - Update to version 2.8.11...
Debian dla-3996 : gunicorn - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3996 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3996-1 [email protected] https://www.debian.org/lts/security/...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.5 Security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: ruby
Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...
Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server
HTTP Request Smuggling Detection Tool This repository contain...
CVE-2024-53688
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request...
CVE-2024-53688
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request...
SUSE: Security Advisory (SUSE-SU-2024:4365-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:4349-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...