Amazon Linux 2023 : haproxy (ALAS2023-2025-791)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-791 advisory. An inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL...
Dahua Devices Information Disclosure Vulnerability (Jan 2025) - Active Check
Multiple Dahua devices and their OEMs are prone to an information disclosure vulnerability...
Amcrest Technologies IP Camera Information Disclosure Vulnerability (Dec 2024) - Active Check
Multiple Amcrest Technologies IP Cameras are prone to an information disclosure vulnerability...
PT-2025-23333
Name of the Vulnerable Software and Affected Versions: Tomcat (affected versions not specified), FortiCup Administrative Interface (affected versions not specified). Description: The issue is related to a Denial of Service (DoS) condition that can be triggered by a specially crafted HTTP request,...
CVE-2024-12105
In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure...
CVE-2024-12989
A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was...
CVE-2024-12989 WISI Tangram GT31 HTTP Request server-side request forgery
A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was...
CVE-2024-12989
CVE-2024-12989 concerns WISI Tangram GT31. The vulnerability affects an unknown function within the device’s HTTP Request Handler, enabling server-side request forgery (SSRF). Reports across multiple sources (Red Hat, PT-Security, CNNVD, NVD/CVELIST) indicate the issue can be exploited remotely a...
PT-2024-17851 · Wisi · Wisi Tangram Gt31
Name of the Vulnerable Software and Affected Versions: WISI Tangram GT31 versions up to 20241214 Description: A server-side request forgery issue affects an unknown functionality of the component HTTP Request Handler. This issue can be exploited remotely. The vendor was contacted about this...
Amazon Linux 2 : libsoup (ALAS-2024-2705)
The version of libsoup installed on the remote host is prior to 2.56.0-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2705 advisory. GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of...
Amazon Linux 2 : ruby (ALAS-2024-2706)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2706 advisory. An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a...
openSUSE Security Advisory (SUSE-SU-2024:4390-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GoCast OS Command Injection vulnerability
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-12840
Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. The problem described was intended behavior and therefore not a bug...
CVE-2024-12840
A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /httpproxies/testconnection, when supplied with the httpproxies variable set to localhost, the attacker can fetch the localhost banner. Mitigation Mitigation for this issue is either not available or the current...
SUSE-SU-2024:4390-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2024-53008: Fixed HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server (bsc#1233973) Other fixes: - Update to version 2.8.11...
Debian dla-3996 : gunicorn - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3996 advisory. Debian LTS Advisory DLA-3996-1 https://www.debian.org/lts/security/...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.5 Security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...