Wavlink AC3000 testsave.sh Information Disclosure vulnerability
Talos Vulnerability Report TALOS-2024-2035 Wavlink AC3000 testsave.sh Information Disclosure vulnerability January 14, 2025 CVE Number CVE-2024-39773 SUMMARY An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted...
Wavlink AC3000 adm.cgi set_wzdap() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2027 Wavlink AC3000 adm.cgi setwzdap buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39358 SUMMARY A buffer overflow vulnerability exists in the adm.cgi setwzap functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP...
Wavlink AC3000 adm.cgi set_MeshAp() arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2024-2031 Wavlink AC3000 adm.cgi setMeshAp arbitrary code execution vulnerability January 14, 2025 CVE Number CVE-2024-39370 SUMMARY An arbitrary code execution vulnerability exists in the adm.cgi setMeshAp functionality of Wavlink AC3000 M33A8.V5030.210505. A...
Wavlink AC3000 wireless.cgi AddMac() command injection vulnerability
Talos Vulnerability Report TALOS-2024-2044 Wavlink AC3000 wireless.cgi AddMac command injection vulnerability January 14, 2025 CVE Number CVE-2024-34544 SUMMARY A command injection vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially...
ROS-20250114-01
HTTP client aiohttp vulnerability is related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability of HTTP client aiohttp is related to a symbolic link issue in...
Advisory ROSA-SA-2025-2562
Software: xerces-c 3.1.1 OS: rosa-server79 packageevrstring: xerces-c-3.1.1-10.0.1.res7 CVE-ID: CVE-2023-37536 BDU-ID: 2023-06960 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Xerces C++ library of the BigFix Platform IT Collaborative Management Platform is caused by an integer overflow...
Advisory ROSA-SA-2025-2558
Software: libsoup 2.62.2 OS: rosa-server79 packageevrstring: libsoup-2.62.2-2.0.1.res7 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in GNOME libsoup allows HTTP request smuggling attack due to ignoring '\0' characters at the end of header names. CVE-STATUS: The...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1014)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header an...
EulerOS 2.0 SP10 : libsoup (EulerOS-SA-2025-1008)
According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored,...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1031)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header an...
EulerOS 2.0 SP10 : libsoup (EulerOS-SA-2025-1025)
According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored,...
PT-2025-1260 · Tenda · Tenda Ac10 +2
Name of the Vulnerable Software and Affected Versions: Tenda AC8 versions 16.03.10.20 Tenda AC10 versions 16.03.10.20 Tenda AC18 versions 16.03.10.20 Description: A critical issue has been found in the HTTP Request Handler component of the affected devices, specifically in the /goform/telnet file...
Amazon Linux 2023 : haproxy (ALAS2023-2025-791)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-791 advisory. Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL...
Dahua Devices Information Disclosure Vulnerability (Jan 2025) - Active Check
Multiple Dahua devices and their OEMs are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE...
Amcrest Technologies IP Camera Information Disclosure Vulnerability (Dec 2024) - Active Check
Multiple Amcrest Technologies IP Cameras are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
PT-2025-23333
Name of the Vulnerable Software and Affected Versions: Tomcat versions (affected versions not specified); FortiCup Administrative Interface (affected versions not specified). Description: The issue is related to a Denial of Service (DoS) condition that can be triggered by a specially crafted HTTP request,...
CVE-2024-12105
In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure...
CVE-2024-12989
A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was...
CVE-2024-12989 WISI Tangram GT31 HTTP Request server-side request forgery
A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was...