
16587 matches found

Cvelist
added 2024/12/17 12:0 a.m. | 18 views

CVE-2024-37606

A stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...

EPSS 0.00486
Exploits: 1 | References: 4
CVE
added 2024/12/17 12:0 a.m. | 66 views

CVE-2024-37607

The CVE-2024-37607 issue affects D-Link DAP-2555 with REVA_FIRMWARE_1.20. A buffer overflow in the device’s HTTP handling (notably in /sbin/httpd per PT-Security) can be triggered by crafted HTTP requests, leading to Denial of Service. Public summaries describe the vulnerability as remote, with n...

CVSS 6.5 | AI score 7.1 | EPSS 0.00517
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2024/12/17 12:0 a.m. | 58 views

CVE-2024-37606

CVE-2024-37606 affects D-Link DCS-932L REVB firmware (2.18.01). The vulnerability is a stack/buffer overflow in the alphapd component that can be triggered by a crafted HTTP request, leading to Denial of Service. The issue is documented across multiple sources (NVD/NVD-derived listings, CNVD, Red...

CVSS 6.5 | AI score 7 | EPSS 0.00486
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2024/12/16 2:6 p.m. | 17 views

BIT-NODE-MIN-2020-8287

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

CVSS 6.5 | AI score 7.2 | EPSS 0.16296
Exploits: 2 | References: 11
OSV
added 2024/12/16 2:2 p.m. | 17 views

BIT-NODE-MIN-2022-32213

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS)...

CVSS 6.5 | AI score 7.3 | EPSS 0.35079
Exploits: 1 | References: 8
OSV
added 2024/12/16 2:2 p.m. | 13 views

BIT-NODE-MIN-2022-32214

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS)...

CVSS 6.5 | AI score 7.2 | EPSS 0.77278
Exploits: 1 | References: 4
OSV
added 2024/12/16 2:2 p.m. | 15 views

BIT-NODE-MIN-2022-32215

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS)...

CVSS 6.5 | AI score 7.3 | EPSS 0.68796
Exploits: 1 | References: 8
OSV
added 2024/12/16 2:1 p.m. | 19 views

BIT-NODE-MIN-2022-35256

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling...

CVSS 6.5 | AI score 8.1 | EPSS 0.02587
Exploits: 1 | References: 4
OSV
added 2024/12/16 1:58 p.m. | 22 views

BIT-NODE-MIN-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

CVSS 7.5 | AI score 7.2 | EPSS 0.03906
Exploits: 1 | References: 11
Ubuntu
added 2024/12/13 8:38 p.m. | 27 views

USN-7157-2: PHP regression

USN-7157-1 fixed vulnerabilities in PHP. The patch for CVE-2024-8932 caused a regression in php7.4. This update fixes the problem. Original advisory details: It was discovered that PHP incorrectly handled certain inputs when processed with convert.quoted-printable decode filters. An attacker coul...

CVSS 9.8 | AI score 7.8 | EPSS 0.01284
Exploits: 0
OSV
added 2024/12/13 1:18 p.m. | 2 views

OESA-2024-2548 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...

CVSS 5.3 | AI score 6.9 | EPSS 0.01043
Exploits: 0 | References: 2
OSV
added 2024/12/13 1:18 p.m. | 2 views

OESA-2024-2547 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...

CVSS 5.3 | AI score 6.9 | EPSS 0.01043
Exploits: 0 | References: 2
OSV
added 2024/12/13 1:18 p.m. | 2 views

OESA-2024-2545 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...

CVSS 5.3 | AI score 6.9 | EPSS 0.01043
Exploits: 0 | References: 2
Github Security Blog
added 2024/12/13 12:30 a.m. | 17 views

Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service

Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary...

CVSS 5.9 | AI score 6.6 | EPSS 0.00371
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2024/12/13 12:0 a.m. | 11 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup2 (SUSE-SU-2024:4290-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4290-1 advisory. - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header...

CVSS 8.4 | AI score 7.3 | EPSS 0.00933
Exploits: 2 | References: 10
CVE
added 2024/12/12 10:42 p.m. | 54 views

CVE-2024-12289

CVE-2024-12289 affects Boundary Community Edition and Boundary Enterprise. The issue occurs during initialization of the Boundary controller, where HTTP requests are mishandled and may cause the Boundary server to terminate prematurely. Fixed in Boundary 0.16.4, 0.17.3, and 0.18.2. Connected docu...

CVSS 5.9 | AI score 5.6 | EPSS 0.00371
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/12/12 1:36 p.m. | 31 views

CVE-2024-28145 Unauthenticated SQL Injection

An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNI...

EPSS 0.00517
Exploits: 0 | References: 2
OSV
added 2024/12/12 12:33 p.m. | 4 views

CLSA-2024-1734006823 php: Fix of CVE-2024-11234

CVE-2024-11234: Fix possibility of HTTP request smuggling in configured proxy URI by prohibiting CRLF injection...

CVSS 7.2 | AI score 6.2 | EPSS 0.01132
Exploits: 1 | References: 1
Github Security Blog
added 2024/12/12 9:31 a.m. | 47 views

Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse

Withdrawn Advisory: This advisory has been withdrawn because it was determined to not be a valid vulnerability. This link is maintained to preserve external references. For more information, see https://nvd.nist.gov/vuln/detail/CVE-2024-4109. Original Description: A flaw was found in Undertow. An...

AI score 5.2
Exploits: 0 | References: 12 | Affected Software: 1
OSV
added 2024/12/12 9:15 a.m. | 13 views

CVE-2024-4109

Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability...

AI score 5.4
Exploits: 0 | References: 1