16592 matches found
CVE-2024-37607
A buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request...
CVE-2024-37605
CVE-2024-37605 concerns the D-Link DIR-860L REVB firmware 2.04.B04_ic5b. The issue is a NULL pointer dereference in the firmware that can be triggered by a crafted HTTP request, leading to a Denial of Service. Affected component: D-Link DIR-860L firmware (REVB 2.04.B04 ic5b). Impact: av...
CVE-2024-36831
D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX is affected by a NULL pointer dereference in the plugins_call_handle_uri_clean function, enabling a remote attacker to cause a Denial of Service (DoS) via a crafted HTTP request without authentication. The issue is reported across multiple sourc...
CVE-2024-37606
A stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...
CVE-2024-36831
A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication...
CVE-2024-37607
The CVE-2024-37607 issue affects D-Link DAP-2555 with REVA_FIRMWARE_1.20. A buffer overflow in the device’s HTTP handling (notably in /sbin/httpd per PT-Security) can be triggered by crafted HTTP requests, leading to Denial of Service. Public summaries describe the vulnerability as remote, with n...
CVE-2024-37606
CVE-2024-37606 affects D-Link DCS-932L REVB firmware (2.18.01). The vulnerability is a stack/buffer overflow in the alphapd component that can be triggered by a crafted HTTP request, leading to Denial of Service. The issue is documented across multiple sources (NVD/NVD-derived listings, CNVD, Red...
BIT-NODE-MIN-2020-8287
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...
BIT-NODE-MIN-2022-32213
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS)...
BIT-NODE-MIN-2022-32214
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS)...
BIT-NODE-MIN-2022-32215
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS)...
BIT-NODE-MIN-2022-35256
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling...
BIT-NODE-MIN-2023-30589
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...
USN-7157-2: PHP regression
USN-7157-1 fixed vulnerabilities in PHP. The patch for CVE-2024-8932 caused a regression in php7.4. This update fixes the problem. Original advisory details: It was discovered that PHP incorrectly handled certain inputs when processed with convert.quoted-printable-decode filters. An attacker coul...
OESA-2024-2548 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...
OESA-2024-2547 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...
OESA-2024-2545 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...
Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup2 (SUSE-SU-2024:4290-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4290-1 advisory. - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header...