OESA-2024-2548 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...

OESA-2024-2547 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...

OESA-2024-2545 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...

Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service

Boundary Community Edition and Boundary Enterprise “Boundary” incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup2 (SUSE-SU-2024:4290-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4290-1 advisory. - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header...

CVE-2024-12289

CVE-2024-12289 affects Boundary Community Edition and Boundary Enterprise. The issue occurs during initialization of the Boundary controller, where HTTP requests are mishandled and may cause the Boundary server to terminate prematurely. Fixed in Boundary 0.16.4, 0.17.3, and 0.18.2. Connected docu...

CVE-2024-28145 Unauthenticated SQL Injection

An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNI...

CLSA-2024-1734006823 php: Fix of CVE-2024-11234

CVE-2024-11234: Fix possibility of HTTP request smuggling in configured proxy URI by prohibiting CRLF injection...

Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse

Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a valid vulnerability. This link is maintained to preserve external references. For more information, see https://nvd.nist.gov/vuln/detail/CVE-2024-4109. Original Description A flaw was found in Undertow. An...

CVE-2024-4109

Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability...

CVE-2024-4109

Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability...

CVE-2024-4109

CVE-2024-4109 is linked to information leakage in Undertow when handling HTTP/2 header reuse. Affected product: Red Hat JBoss Enterprise Application Platform (EAP) 7.x on RHEL7/RHEL8 as referenced by RHSA advisories (e.g., 7.1.12 on RHEL7 and 7.3.15). Root cause: Undertow HTTP/2 handling allows l...

CVE-2024-4109

...

CVE-2024-4109

A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests...

[SECURITY] [DLA 3992-1] libsoup2.4 security update

Debian LTS Advisory DLA-3992-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton December 12, 2024 https://wiki.debian.org/LTS Package : libsoup2.4 Version : 2.72.0-2+deb11u1 CVE ID : CVE-2024-52530 CVE-2024-52531 CVE-2024-52532 Debian Bug : 1088812 1089238 1089240...

Important: libsoup

Issue Overview: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 GNOME libsoup...

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.20 Security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 CVE-2024-52532: Fixed infinit...

SUSE-SU-2024:4290-1 Security update for libsoup2

This update for libsoup2 fixes the following issues: - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 - CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 - CVE-2024-52532: Fixed...

Amazon Linux 2023 : libsoup, libsoup-devel (ALAS2023-2024-772)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-772 advisory. GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a Transfer-Encoding\0: chunked header is...