16600 matches found
SUSE SLES15 / openSUSE 15 Security Update : python-gunicorn (SUSE-SU-2024:2881-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2881-1 advisory. - CVE-2024-1135: Fixed HTTP Request Smuggling due to improperly validate Transfer-Encoding headers bsc1222950 Tenable has...
SUSE-SU-2024:2881-1 Security update for python-gunicorn
This update for python-gunicorn fixes the following issues: - CVE-2024-1135: Fixed HTTP Request Smuggling due to improperly validate Transfer-Encoding headers bsc1222950...
CVE-2024-39815
Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to...
CVE-2024-37826
A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
Computer And Mobile Repair Shop Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Computer and Mobile Repair Shop Management System v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
PT-2024-6830 · Sap · Sap Crm Abap
Name of the Vulnerable Software and Affected Versions: SAP CRM ABAP affected versions not specified Description: The issue is related to insufficient checking of incoming HTTP requests in the Insights Management component of the SAP CRM ABAP integration module. This can allow a remote attacker to...
CVE-2024-37826
A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
CVE-2024-37826
CVE-2024-37826 describes a NULL pointer dereference in vercot Serva v4.6.0 that can cause a Denial of Service (DoS) via a crafted HTTP request. Public sources (NVD, CVE listing, Red Hat, CNNVD, CVE database) corroborate the same issue. According to the available data, the attack vector is NETWORK...
CVE-2024-37826
A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
PT-2024-27769 · Vercot · Serva
Name of the Vulnerable Software and Affected Versions: vercot Serva version 4.6.0 Description: A NULL pointer dereference in vercot Serva allows attackers to cause a Denial of Service DoS via a crafted HTTP request. Recommendations: For version 4.6.0, consider disabling the HTTP request handling...
CVE-2024-39815
CVE-2024-39815 affects Vonets industrial WiFi bridge relays and WiFi bridge repeaters (versions 3.3.23.6.9 and prior). Root cause: improper check/handling of exceptional conditions enabling an unauthenticated remote attacker to crash the service via a specially crafted HTTP request to pre-authent...
CVE-2024-39815 Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions
Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler
Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2023-27561, CVE-2023-28642, CVE-2023-25809, CVE-2022-32149, CVE-2022-41723, CVE-2022-41721, CVE-2022-27664, CVE-2022-29162, CVE-2021-43784, CVE-2023-2517 Vulnerability Details CVEID:CVE-2023-27561 DESCRIPTION...
CVE-2024-7314 anji-plus AJ-Report Authentication Bypass
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...
Security Bulletin: gunicorn-20.1.0-py3-none-any
Summary Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn'...
AJ-Report 安全漏洞
AJ-Report is an open source visual design tool from anji-plus. A security vulnerability exists in AJ-Report versions prior to 1.4.1, which originates from a remote, unauthenticated attacker who can attach swagger-ui to an HTTP request to bypass authentication and execute arbitrary Java on the...
HTTP Request/Response Smuggling
Twisted is vulnerable to HTTP Request/Response Smuggling. The vulnerability is due to the HTTP 1.0 and 1.1 server provided by twisted.web which can process pipelined HTTP requests out-of-order...
ROS-20240730-08
Eclipse Jetty servlet container vulnerability is related to errors in processing input data length parameters. data length parameters. Exploitation of the vulnerability could allow an attacker acting remotely to perform a "HTTP request smuggling" attack The Eclipse Jetty servlet container...
CVE-2024-41628
Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API...
CVE-2023-38522
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from...