16587 matches found

Positive Technologies
added 2024/12/27 12:00 a.m. · 2 views

PT-2024-17851 · Wisi · Wisi Tangram Gt31

Name of the Vulnerable Software and Affected Versions: WISI Tangram GT31 versions up to 20241214. Description: A server-side request forgery issue affects an unknown functionality of the component HTTP Request Handler. This issue can be exploited remotely. The vendor was contacted about this...

6.9 CVSS · 6.9 AI score · 0.00426 EPSS
Exploits 0 · References 7
Tenable Nessus
added 2024/12/23 12:00 a.m. · 12 views

Amazon Linux 2 : ruby (ALAS-2024-2706)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2706 advisory. An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a...

7 AI score · 0.00395 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2024/12/23 12:00 a.m. · 24 views

Amazon Linux 2 : libsoup (ALAS-2024-2705)

The version of libsoup installed on the remote host is prior to 2.56.0-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2705 advisory. GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of...

8.4 CVSS · 7.3 AI score · 0.00933 EPSS
Exploits 2 · References 8
OpenVAS
added 2024/12/21 12:00 a.m. · 15 views

openSUSE Security Advisory (SUSE-SU-2024:4390-1)

The remote host is missing an update for the...

5.3 CVSS · 5.3 AI score · 0.01043 EPSS
Exploits 0 · References 4
Github Security Blog
added 2024/12/20 6:31 p.m. · 18 views

GoCast OS Command Injection vulnerability

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

9.8 CVSS · 7.5 AI score · 0.06445 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2024/12/20 4:15 p.m. · 10 views

CVE-2024-12840

Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. The problem described was intended behavior and therefore not a bug...

Exploits 0
RedhatCVE
added 2024/12/20 12:50 p.m. · 6 views

CVE-2024-12840

A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /httpproxies/testconnection, when supplied with the httpproxies variable set to localhost, the attacker can fetch the localhost banner. Mitigation: Mitigation for this issue is either not available or the current...

5 CVSS · 6.7 AI score
Exploits 0 · References 3
OSV
added 2024/12/20 9:06 a.m. · 4 views

SUSE-SU-2024:4390-1 Security update for haproxy

This update for haproxy fixes the following issues: - CVE-2024-53008: Fixed HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server bsc1233973 Other fixes: - Update to version 2.8.11...

5.3 CVSS · 6.8 AI score · 0.01043 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2024/12/20 12:00 a.m. · 9 views

Debian dla-3996 : gunicorn - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3996 advisory. Debian LTS Advisory DLA-3996-1 https://www.debian.org/lts/security/...

7.5 CVSS · 7.4 AI score · 0.02996 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/12/19 2:54 p.m. · 16 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.5 Security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.1 CVSS · 6.1 AI score · 0.00699 EPSS
Exploits 1 · References 31
Amazon
added 2024/12/19 12:00 a.m. · 13 views

Important: ruby

Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...

7.5 AI score · 0.00395 EPSS
Exploits 0
GithubExploit
added 2024/12/18 3:09 p.m. · 1156 views

Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server

HTTP Request Smuggling Detection Tool This repository contain...

9.1 CVSS · 6.3 AI score · 0.04134 EPSS
Exploits 5
Vulnrichment
added 2024/12/18 6:36 a.m. · 8 views

CVE-2024-53688

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request...

7.2 CVSS · 7.5 AI score · 0.01505 EPSS
Exploits 0 · References 2
Cvelist
added 2024/12/18 6:36 a.m. · 17 views

CVE-2024-53688

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request...

7.2 CVSS · 0.01505 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/12/18 12:00 a.m. · 11 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup (SUSE-SU-2024:4352-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4352-1 advisory. - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header...

8.4 CVSS · 7.3 AI score · 0.00933 EPSS
Exploits 2 · References 10
Tenable Nessus
added 2024/12/18 12:00 a.m. · 8 views

SUSE SLES15 Security Update : libsoup (SUSE-SU-2024:4365-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4365-1 advisory. - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 - CVE-2024-52531:...

8.4 CVSS · 7.3 AI score · 0.00933 EPSS
Exploits 2 · References 10
OpenVAS
added 2024/12/18 12:00 a.m. · 11 views

openSUSE Security Advisory (SUSE-SU-2024:4352-1)

The remote host is missing an update for the...

8.4 CVSS · 7.2 AI score · 0.00933 EPSS
Exploits 2 · References 6
OpenVAS
added 2024/12/18 12:00 a.m. · 20 views

openSUSE Security Advisory (SUSE-SU-2024:4355-1)

The remote host is missing an update for the...

8.4 CVSS · 7.2 AI score · 0.00933 EPSS
Exploits 2 · References 6
Tenable Nessus
added 2024/12/18 12:00 a.m. · 9 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup2 (SUSE-SU-2024:4349-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4349-1 advisory. - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header...

8.4 CVSS · 7.3 AI score · 0.00933 EPSS
Exploits 2 · References 10
OpenVAS
added 2024/12/18 12:00 a.m. · 19 views

openSUSE Security Advisory (SUSE-SU-2024:4349-1)

The remote host is missing an update for the...

8.4 CVSS · 7.2 AI score · 0.00933 EPSS
Exploits 2 · References 6