RHEL 8 : libsoup (RHSA-2024:9501)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9501 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: HTTP request smuggling via stripping null bytes fr...
RHEL 9 : libsoup (RHSA-2024:9559)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9559 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket dat...
RHEL 8 : libsoup (RHSA-2024:9573)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9573 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket dat...
ALSA-2024:9573 Important: libsoup security update
The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket data CVE-2024-52532 libsoup: HTTP request smuggling via stripping null bytes from the ends of header names CVE-2024-52530 For more details about the security...
RHEL 8 : libsoup (RHSA-2024:9566)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9566 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: HTTP request smuggling via stripping null bytes fr...
Important: libsoup security update
The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket data CVE-2024-52532 libsoup: HTTP request smuggling via stripping null bytes from the ends of header names CVE-2024-52530 For more details about the security...
RHEL 8 : libsoup (RHSA-2024:9524)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9524 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: HTTP request smuggling via stripping null bytes fr...
RHEL 9 : libsoup (RHSA-2024:9572)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9572 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: HTTP request smuggling via stripping null bytes fr...
ROS-20241112-09
A vulnerability in the Consul service configuration tool is related to input validation errors when processing catalog traversal sequences. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted HTTP request and read arbitrary files on the system...
Advisory ROSA-SA-2024-2518
software: memcached 1.6.22 OS: ROSA-CHROME packageevrstring: memcached-1.6.22-1 CVE-ID: CVE-2023-46852 BDU-ID: 2023-08094 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the proxyruncoroutine function protoproxy.c of the memcached data caching software tool is related to an operation exceeding buffe...
CVE-2024-8881
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by...
CVE-2024-8881
CVE-2024-8881 describes a post-authentication command-injection in the CGI component of Zyxel GS1900-48 switches. Affected firmware: V2.80(AAHN.1)C0 and earlier. Exploitation requires an authenticated attacker with administrator privileges on the LAN, who can send a crafted HTTP request to execut...
CVE-2024-52530
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
CVE-2024-47586 NULL Pointer Dereference vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted HTTP request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be...
CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header...