
244 matches found

OSV
added 2024/03/06 10:56 a.m. · 19 views

BIT-ENVOY-2021-43825 Use-after-free in Envoy

Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered dat...

7.5 CVSS · 7 AI score · 0.00843 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/03/04 12:0 a.m. · 3 views

PT-2024-12398 · Fastrpc · Fastrpc

Name of the Vulnerable Software and Affected Versions: FastRPC affected versions not specified Description: The issue is related to Information Disclosure while processing IOCTL request in FastRPC. Recommendations: At the moment, there is no information about a newer version that contains a fix f...

5.5 CVSS · 5.1 AI score · 0.00107 EPSS
Exploits 0 · References 5
Vulnrichment
added 2024/03/02 9:52 p.m. · 32 views

CVE-2023-52513 RDMA/siw: Fix connection failure handling

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix connection failure handling In case immediate MPA request processing fails, the newly created endpoint unlinks the listening endpoint and is ready to be dropped. This special case was not handled correctly by the co...

6.8 AI score · 0.0023 EPSS
Exploits 0 · References 6
IBM Security Bulletins
added 2024/02/21 12:53 p.m. · 40 views

Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty.

Summary Due to the use of Eclipse Jetty, Rational Service Tester contains vulnerabilities around request processing that could lead to a potential denial of service attack. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an...

7.5 CVSS · 8.2 AI score · 0.99999 EPSS
Exploits 20 · Affected Software 1
BDU FSTEC
added 2024/02/14 12:0 a.m. · 2 views

The vulnerability of the official interface for developing container applications in Plone Docker allows a hacker to gain access to modify or delete files.

The vulnerability of the official Plone Docker image for container applications lies in the absence of a mechanism to prevent unintended modifications to resources during request processing. Exploiting this vulnerability could allow an attacker to gain access to modify or delete files using PUT a...

5.5 CVSS · 7.2 AI score · 0.00602 EPSS
Exploits 1 · References 5
Veracode
added 2024/02/13 8:54 a.m. · 14 views

Authorization Bypass

pixelfed/pixelfed is vulnerable to Authorization Bypass. The vulnerability is due to insufficient checks during request processing, allowing attackers to access and potentially modify administrative and moderator functionalities beyond intended user permissions...

9.9 CVSS · 6.8 AI score · 0.00678 EPSS
Exploits 1 · References 3 · Affected Software 1
BDU FSTEC
added 2024/02/06 12:0 a.m. · 2 views

The vulnerability of the aiohttp HTTP client, related to deficiencies in HTTP request processing, allows attackers to execute the “HTTP request hijacking” attack.

The vulnerability of the aiohttp HTTP client is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to perform an “HTTP request hijacking” attack...

6.5 CVSS · 6.5 AI score · 0.0102 EPSS
Exploits 1 · References 6 · Affected Software 3
BDU FSTEC
added 2024/01/17 12:0 a.m. · 1 views

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma, related to deficiencies in HTTP request processing, allows attackers to induce service failures.

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to induce service failures through specially crafted HTTP requests HTTP Request Smuggling attacks...

7.8 CVSS · 6.4 AI score · 0.00958 EPSS
Exploits 0 · References 5 · Affected Software 3
Prion
added 2023/12/06 5:15 p.m. · 24 views

Design/Logic Flaw

A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contain...

2.1 CVSS · 6.8 AI score · 0.00631 EPSS
Exploits 0 · References 2
CVE
added 2023/12/06 4:58 p.m. · 103 views

CVE-2023-6393

CVE-2023-6393 affects the Quarkus Cache Runtime (quarkus-cache). The issue is a potential invalid reuse of context when a Uni cached with @CacheResult reuses the initial completion context, causing the processing to switch to the cached Uni instead of the request context. This can allow a POST re...

5.3 CVSS · 5.4 AI score · 0.00631 EPSS
Exploits 0 · References 3 · Affected Software 1
RedhatCVE
added 2023/12/06 5:27 a.m. · 43 views

CVE-2023-6393

A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contain...

5.3 CVSS · 6.9 AI score · 0.00631 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2023/11/14 12:0 a.m. · 3 views

The vulnerability of the server software HAProxy, related to deficiencies in HTTP request processing, allows attackers to compromise data integrity.

The vulnerability of the server software HAProxy is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to compromise data integrity from a remote location...

7.8 CVSS · 6.8 AI score · 0.10024 EPSS
Exploits 1 · References 7 · Affected Software 3
NVD
added 2023/10/03 6:15 a.m. · 15 views

CVE-2023-22382

Weak configuration in Automotive while VM is processing a listener request from TEE...

8.2 CVSS · 7.7 AI score · 0.00104 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2023/09/21 12:0 a.m. · 2 views

The vulnerability of TP-Link Archer C50, Archer C20, and Archer C2 Wi-Fi routers lies in the fact that the operation data can be accessed outside of the buffer in memory, allowing an attacker to cause a malfunction in the device.

The vulnerability of the microprogrammed software of TP-Link Archer C50, Archer C20, and Archer C2 Wi-Fi routers lies in the fact that the operation data is written outside the buffer in memory when processing request parameters. Exploiting this vulnerability can allow a remote attacker to cause...

7.8 CVSS · 7.5 AI score · 0.0105 EPSS
Exploits 0 · References 7 · Affected Software 3
BDU FSTEC
added 2023/08/24 12:0 a.m. · 4 views

The vulnerability of the Node.js software platform, related to deficiencies in HTTP request processing, allows a perpetrator to carry out a “HTTP request hijacking” attack.

The vulnerability of the Node.js software platform is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to carry out an “HTTP request hijacking” attack...

7.8 CVSS · 7 AI score · 0.03467 EPSS
Exploits 1 · References 7 · Affected Software 3
BDU FSTEC
added 2023/08/03 12:0 a.m. · 2 views

The vulnerability of the SAP Web Dispatcher, related to deficiencies in HTTP request processing, allows attackers to induce a service failure.

The vulnerability of SAP Web Dispatcher is related to deficiencies in HTTP request processing. Exploiting this vulnerability can allow a malicious actor to cause service failures...

8.6 CVSS · 7.7 AI score · 0.00578 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2023/07/12 12:0 a.m. · 3 views

PT-2023-5832 · D Link · D-Link Dir-3040

Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 affected versions not specified Description: The vulnerability is related to a heap-based buffer overflow in the HTTP request processing referer of D-Link DIR-3040 routers. This issue allows network-adjacent attackers to execu...

8.8 CVSS · 9 AI score · 0.00846 EPSS
Exploits 0 · References 8
NVD
added 2023/06/20 8:15 a.m. · 8 views

CVE-2023-26436

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processin...

8.8 CVSS · 7.4 AI score · 0.01083 EPSS
Exploits 0 · References 4
Redos
added 2023/06/20 12:0 a.m. · 39 views

ROS-20230620-03

A vulnerability in the HAProxy server software is related to a flaw in HTTP request processing. Exploitation of the vulnerability could allow an attacker acting remotely to execute a "smuggling of HTTP requests" attack...

9.1 CVSS · 9 AI score · 0.05493 EPSS
Exploits 0
CNNVD
added 2023/06/07 12:0 a.m. · 3 views

WordPress Plugin Pinterest Automatic Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. The WordPress Plugin Pinterest Automatic...

9.8 CVSS · 8.3 AI score · 0.04528 EPSS
Exploits 1 · References 5