CVE-2024-12147

A vulnerability was found in Netgear R6900 1.0.1.261.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgradecheck.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The...

CVE-2024-12147 Netgear R6900 HTTP Header upgrade_check.cgi buffer overflow

A vulnerability was found in Netgear R6900 1.0.1.261.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgradecheck.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The...

CVE-2024-12147 Netgear R6900 HTTP Header upgrade_check.cgi buffer overflow

A vulnerability was found in Netgear R6900 1.0.1.261.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgradecheck.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The...

CVE-2024-12147

Netgear R6900 vulnerability CVE-2024-12147 affects firmware 1.0.1.26_1.0.20 in the HTTP Header Handler’s upgrade_check.cgi. The root cause is improper validation of the Content-Length parameter in upgrade_check.cgi, which leads to a buffer overflow. This is a remote, unauthenticated issue, with e...

Siemens Unlocked JTAG Interface / Buffer Overflow

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unlocked JTAG interface and buffer overflow product: Siemens SM-2558 Protocol Element extension module for Siemens SICAM AK3/TM/BC, Siemens CP-2016 & CP-2019 vulnerable...

Exploit for CVE-2025-29329

CVE-2025-29329 - Sagemcom F@st 3686 ippprint Buffer Overflow R...

Carriage Return Line Feed(CRLF) Injection

Refit is vulnerable to Carriage Return Line FeedCRLF Injection. The vulnerability is due to lack of validation for CRLF characters in HTTP header values in the Refit library. Specifically, the HttpHeaders.TryAddWithoutValidation method used by Refit does not sanitize or check for CRLF sequences,...

Improper Access Control

github.com/hashicorp/consul is vulnerable to Improper Access Control. The vulnerability is due to the ability to bypass HTTP header-based access rules when using headers in L7 traffic intentions, allowing unauthorized access in certain cases...

CVE-2024-51504

An authentication bypass vulnerability was found in Apache Zookeeper. The default configuration of the client's IP address detection in IPAuthenticationProvider, which uses HTTP request headers, is weak and allows an attacker to bypass authentication by spoofing the client's IP address in request...

CVE-2024-51504

When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...

CVE-2024-51504 Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server

When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...

CVE-2024-51504

When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tungstenite-0.20.1.crate CVE-2023-43669

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to tungstenite-0.20.1.crate CVE-2023-43669. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-43669 DESCRIPTION: Snapview Tungstenite crate for Rust is vulnerable t...

BIT-CONSUL-2024-10006 Consul L7 Intentions Vulnerable To Headers Bypass

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...

BIT-CONSUL-2024-10086 Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS...

CVE-2024-10006

A flaw was found in HashiCorp Consul and Consul Enterprise. The server response does not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and can lead to reflected cross-site scripting XSS. Mitigation Mitigation for this issue is either not available o...

CVE-2024-10086

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS...

CVE-2024-10086

CVE-2024-10086 affects Consul and Consul Enterprise. The issue arises when the server response does not explicitly set a Content-Type header, allowing user-provided inputs to be interpreted under an unintended context and potentially lead to reflected XSS. The available sources confirm the vulner...

CVE-2024-10006

CVE-2024-10006 affects Consul and Consul Enterprise. The issue enables bypassing HTTP header based access rules by manipulating Headers in L7 traffic intentions. The vulnerability is defined in public advisories and CVSS vectors indicate high impact (noting different scope/impact across sources)....

CVE-2024-43424

Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...