174 matches found
PT-2023-24351 · Unknown +3 · Readymedia +3
Name of the Vulnerable Software and Affected Versions: ReadyMedia MiniDLNA versions 1.1.15 through 1.3.2 Description: The issue is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk...
SUSE CVE-2013-2028
The ngxhttpparsechunked function in http/ngxhttpparse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service crash and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based...
CVE-2021-32714 Integer Overflow in Chunked Transfer-Encoding
hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...
SUSE: Security Advisory (SUSE-SU-2016:2305-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Micrium uC-HTTP HTTP Server null pointer dereference denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...
Media Services Live Features Upgrades to Support Modern-Day Live-Streaming Needs
Media Services Live MSL is Akamai's flagship solution for preparing live streams to provide broadcast-grade streaming quality for our live-streaming customers. MSL provides purpose-built key capabilities with liveOrigin, including ingest acceleration to map encoders to optimal entry points on the...
CVE-2020-4581
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441...
CVE-2020-4581
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441...
Oracle Linux 7 : python-twisted-web (ELSA-2020-1561)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-1561 advisory. - Fix CVE-2020-10108 and CVE-2020-10109 multiple HTTP request smuggling vulnderabilities Resolves: rhbz1813439 rhbz1813447 Tenable has extracted the...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1419)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
#OTTuesday: Five Technologies Shaping the Future of OTT
The world of OTT is changing radically with new innovations, from player technologies to standards convergence, propelling the industry forward. As 2018 comes to a close, AkamaiTV sat down with DASH legend and Akamai's very own Will Law to get his pulse on the major trends and technologies that a...
GNU Wget fd_read_body Heap Buffer Overflow (CVE-2017-13090)
A heap buffer overflow vulnerability exists in Wget. The vulnerability is due to improper handling of HTTP responses with chunked transfer encoding within the fdreadbody function. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to make an HTTP request to the...
Schneider Electric Magelis HMI Advanced Panel denial of service vulnerability (PanelShock)
IMPROPER IMPLEMENTATION OF HTTP GET REQUEST CVE-2016-8367 / SVE-82003201 The timeout value for closing an HTTP client's requests in the Web Gate service is too long and allows a malicious attacker to open multiple connections to the targeted web server and keep them open for as long as possible b...
httpd: HTTP request smuggling attack against chunked request parser
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...
SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2016:2305-1)
This update for wpasupplicant fixes the following issues : - CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. bnc930077 - CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing. bnc930078 - CVE-2015-4143: EAP-pwd missing payload length validation...
httpd: HTTP request smuggling attack against chunked request parser
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...
Debian Security Advisory DSA 3397-1 (wpa - security update)
Several vulnerabilities have been discovered in wpasupplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked transfe...
Oracle: Security Advisory (ELSA-2015-0991)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
LFI with PHPInfo the local test process-bug warning-the black bar safety net
LFI with PHPInfo foreign researchers in 2 0 0 1 published in a local file comprising the use of the method, as a novice in the domestic but can not find complete study materials, after several days of research to learn and put their learning process, summarize, and share. Basics The local file...
Amazon Linux: Security Advisory (ALAS-2015-527)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...