80 matches found
SUSE-SU-2023:4974-1 Security update for distribution
This update for distribution fixes the following issues: distribution was updated to 2.8.3 bsc1216491: Pass BUILDTAGS argument to go build Enable Go build tags reference: replace deprecated function SplitHostname Dont parse errors as JSON unless Content-Type is set to JSON update to go 1.20.8 Set...
The vulnerability of the VMware Horizon Server virtualization server, related to improper checking of HTTP requests, allows an attacker to compromise the integrity of protected information.
The vulnerability of the VMware Horizon Server virtualization server lies in improper handling of HTTP requests. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information from a remote location...
CVE-2023-33476
ReadyMedia MiniDLNA versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the...
Advisory ROSA-SA-2023-2158
Software: httpd 2.4.6 OS: rosa-server79 packageevrstring: 2.4.6-98.7 CVE-ID: CVE-2021-40438 BDU-ID: 2021-04820 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the modproxy module of the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...
Yealink Device Management Command Injection (CVE-2021-27561)
A command injection vulnerability exists in Yealink Device Management. The vulnerability is due to improper handling of a crafted HTTP request...
PT-2020-3713
Name of the Vulnerable Software and Affected Versions: Puma versions prior to 3.12.5 Puma versions prior to 4.3.4 Description: The issue is related to the handling of HTTP requests in Puma, a RubyGem for Ruby/Rack applications. An attacker could smuggle an HTTP response by using an invalid...
Siemens SCALANCE X-300 Family Switches HTTP Request Handling Remote DOS
Binary data 148.prm...
Access Restriction Bypass
gateway.transport.http is vulnerable to access restriction bypass. Access restriction controls can be bypassed due to improper HTTP request handling via a specially crafted HTTP request, allowing a remote attacker to obtain confidential information...
CVE-2017-6910
The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise...
Design/Logic Flaw
The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling...
CVE-2014-6309
The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling...
CVE-2014-6309
CVE-2014-6309 affects Kaazing Gateway server components. In Kaazing Gateway 4.0.2, 4.0.3, 4.0.4 and Gateway – JMS Edition 4.0.2, 4.0.3, 4.0.4, the HTTP and WebSocket engine can allow remote attackers to obtain sensitive information via vectors related to HTTP request handling. The vulnerability i...
CVE-2017-6910
The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise...
CVE-2018-7262
A NULL pointer dereference flaw was found in RADOS Gateway HTTP request handling when using the Civetweb native webserver. An unauthenticated attacker could crash RADOS Gateway server by sending malicious HTTP requests...
Cisco UCS Central Software < 2.0(1c) HTTP Request Handling RCE
The version of Cisco Unified Computing System UCS Central Software running on the remote host is prior to 1.31c. It is, therefore, affected by a flaw in its web framework due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted...
CVE-2016-3639
SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain sensitive topology information via an unspecified HTTP request, aka SAP Security Note 2176128...
Cisco UCS Central Software < 1.3(1c) HTTP Request Handling RCE
The version of Cisco Unified Computing System UCS Central Software running on the remote host is prior to 1.31c. It is, therefore, affected by a flaw in its web framework due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially craft...
Oracle Linux 7 : squid (ELSA-2016-1139)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1139 advisory. - Related: 1330576 - CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling - Related: 1334491 - CVE-2016-4554 CVE-2016-4555 CVE-2016-4556...
squid34 security update
7:3.4.14-9.3 - Resolves: 1334499 - CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 squid34: various flaws - Resolves: 1334506 - CVE-2016-4553 squid34: squid: Cache poisoning issue in HTTP Request handling 7:3.4.14-9.2 - Related: 1330574 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid34:...
Juniper Junos HTTP Request Handling J-Web DoS (JSA10720)
According to its self-reported version number, the remote Juniper Junos device is affected by denial of service vulnerability due to a flaw in the Embedthis Appweb Server when processing malformed HTTP requests. An unauthenticated, remote attacker can exploit this to crash the J-Web service...