Lucene search
K

247 matches found

RedHat Linux
RedHat Linux
added 2024/11/26 11:24 a.m.9 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

9.1CVSS5.8AI score0.00496EPSS
Exploits0References6
OSV
OSV
added 2024/11/01 3:29 p.m.12 views

SUSE-SU-2024:3876-1 Security update for python-waitress

This update for python-waitress fixes the following issues: - CVE-2024-49768: Fixed request processing race condition in HTTP pipelining with invalid first request when lookahead is enabled bsc1232556 - CVE-2024-49769: Fixed incorrect connection clean up leads to a busy-loop and resource exhausti...

9.1CVSS6.9AI score0.01386EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/10/31 12:0 a.m.5 views

The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV042, RV042G, RV320, and RV325 allows a hacker to execute arbitrary code or cause service interruptions.

The vulnerability of the web interface for managing microprogrammed software routers of Cisco Small Business RV042, RV042G, RV320, and RV325 stems from the escape of operations beyond the buffer in memory, resulting from insufficient validation of input data during HTTP packet processing...

6.8CVSS6.2AI score0.00446EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/29 2:32 p.m.16 views

CVE-2024-49768 Waitress has request processing race condition in HTTP pipelining with invalid first request

Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more requests, and when the...

9.1CVSS7.2AI score0.00496EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/29 2:32 p.m.22 views

CVE-2024-49768 Waitress has request processing race condition in HTTP pipelining with invalid first request

Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more requests, and when the...

9.1CVSS0.00496EPSS
Exploits0References2
CVE
CVE
added 2024/10/29 2:32 p.m.117 views

CVE-2024-49768

CVE-2024-49768 (Waitress) : A race condition in HTTP pipelining with request lookahead can cause a mismanaged second request while the first is being processed. Waitress 3.0.1 fixes the race; as a workaround, disable channel_request_lookahead (default 0). Public advisories reference exposure in I...

9.1CVSS6.1AI score0.00496EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/10/24 12:0 a.m.9 views

The vulnerability of the Manage Bank Statement Handler component of the SAP S/4HANA software platform allows a malicious individual to gain access to modify or delete files.

The vulnerability of the Manage Bank Statement Handler component in the SAP S/4HANA software platform is related to the absence of a mechanism to prevent unintended modifications to resources during request processing. Exploiting this vulnerability could allow an attacker to gain access to modify...

4.3CVSS5.5AI score0.00293EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/08/27 12:0 a.m.6 views

The vulnerability of the aiohttp HTTP client, related to deficiencies in HTTP request processing, allows attackers to execute the “HTTP request hijacking” attack.

The vulnerability of the aiohttp HTTP client is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute an “HTTP request hijacking” attack...

7.8CVSS5.7AI score
Exploits0References5Affected Software2
Redos
Redos
added 2024/08/20 12:0 a.m.9 views

ROS-20240820-06

The aiohttp HTTP client vulnerability is related to flaws in HTTP request processing. Exploitation of the vulnerability could allow an attacker acting remotely to perform an "HTTP request smuggling" attack...

7.2AI score
Exploits0
CNNVD
CNNVD
added 2024/06/25 12:0 a.m.4 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that originates from a problem or error in the server that prevents it from processing requests or providing services properly...

4.7CVSS6.6AI score0.00165EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/06/05 10:5 a.m.3 views

kernel: RDMA/siw: Fix connection failure handling

A NULL dereference vulnerability was found in the Linux kernel, which is caused when the siwcmworkhandler function attempts to dereference a NULL listener that may be created when immediate MPA request processing fails and the newly created endpoint unlinks the listening endpoint ready to be...

5.5CVSS7AI score0.0023EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/05/24 12:0 a.m.6 views

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory processes, related to the failure to protect the SQL query structure, allows attackers to disclose protected information.

The vulnerability of the GLPI system’s request, incident, and inventory management functions is related to the failure to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose the protected information...

7.7CVSS5.6AI score0.59136EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/05/07 12:0 a.m.4 views

The vulnerability of the WSGI-server Gunicorn, related to defects in HTTP request processing, allows attackers to circumvent existing security restrictions and execute a “HTTP request hijacking” attack.

The vulnerability of the WSGI-server Gunicorn is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and carry out an “HTTP request hijacking” attack...

7.8CVSS7.2AI score0.02996EPSS
Exploits0References11Affected Software13
BDU FSTEC
BDU FSTEC
added 2024/05/06 12:0 a.m.7 views

The vulnerability of Windows operating system DNS servers, which allows a hacker to execute arbitrary code

The vulnerability of DNS servers for Windows operating systems relates to the use of memory after it is freed during request processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS8.1AI score0.01822EPSS
Exploits0References3
NVD
NVD
added 2024/05/03 3:15 a.m.39 views

CVE-2023-41230

D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this...

8.8CVSS8AI score0.00759EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 2:12 a.m.73 views

CVE-2023-41230

The CVE-2023-41230 issue affects D-Link DIR-3040 routers. The vulnerable component is prog.cgi serving HNAP requests on lighttpd (ports 80/443). Root-context code execution arises from a stack-based buffer overflow caused by copying an unchecked user-supplied string into a fixed-size local buffer...

8.8CVSS8AI score0.00759EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/05/03 2:12 a.m.46 views

CVE-2023-41230 D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this...

7.5CVSS8.2AI score0.00759EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/03 2:12 a.m.30 views

CVE-2023-41229 D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this...

8.8CVSS9.3AI score0.00846EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 2:12 a.m.66 views

CVE-2023-41229

The CVE-2023-41229 issue affects the D-Link DIR-3040 router. A heap-based buffer overflow in the prog.cgi handler for HNAP requests processed by the lighttpd webserver (ports 80/443) arises from inadequate validation of a user-supplied string, enabling an attacker with network proximity to execut...

8.8CVSS9.1AI score0.00846EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.6 views

D-Link DIR-3040 安全漏洞

The D-Link DIR-3040 is a router from China-based AUO D-Link. It provides the function of connecting to the network. A security vulnerability exists in the D-Link DIR-3040 that stems from a HTTP request processing reference heap-based buffer overflow remote code execution vulnerability...

8.8CVSS9.3AI score0.00846EPSS
Exploits0References3
Rows per page
Query Builder