16587 matches found
CVE-2024-48871
CVE-2024-48871 affects Planet Technology’s Planet WGS-804HPT industrial switch. The issue is a stack-based buffer overflow exposed via a crafted HTTP request, allowing unauthenticated remote code execution. Public mentions in THN’s coverage confirm this CVE as part of a set of flaws in the dispat...
CVE-2024-30129 HCL Nomad server on Domino is affected by a host header injection vulnerability
The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address...
CVE-2024-42196
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...
BIT-HAPROXY-2024-53008
Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...
IBM Jazz Foundation Access Control Error Vulnerability
IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines IBM. An Access Control Error vulnerability exists in IBM Jazz Foundation versions 7.0.2 and 7.0.3 that stems from improper access control and can be exploited by a...
CVE-2024-9197
A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50ABPM.9.2C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service DoS condition against the web...
CVE-2024-53990
A flaw was found in the AsyncHttpClient AHC library. When making any HTTP request, the automatically enabled and self-managed CookieStore will silently replace explicitly defined cookies with any that have the same name from the CookieStore. For services that operate with multiple users, this can...
CVE-2024-53990 AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...
Mageia: Security Advisory (MGASA-2024-0382)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated libsoup3 & libsoup packages fix security vulnerabilities
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 GNOME libsoup before 3.6.1...
MGASA-2024-0382 Updated libsoup3 & libsoup packages fix security vulnerabilities
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 GNOME libsoup before 3.6.1...
SUSE CVE-2024-53008
Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...
CVE-2024-8308
A low privileged remote attacker can insert a SQL injection in the web application due to improper handling of HTTP request input data which allows to exfiltrate all data...
CVE-2024-8308
CVE-2024-8308 concerns the Siempelkamp NIS UmweltOffice web application. Multiple connected sources confirm a vulnerability in the HTTP request input handling that enables a low-privileged remote attacker to perform a SQL injection and exfiltrate all data. Affected software is UmweltOffice (Siemp...
CVE-2024-8308 Siempelkamp: SQL injection due to improper handling of HTTP request input data
A low privileged remote attacker can insert a SQL injection in the web application due to improper handling of HTTP request input data which allows to exfiltrate all data...
CVE-2024-8308 Siempelkamp: SQL injection due to improper handling of HTTP request input data
A low privileged remote attacker can insert a SQL injection in the web application due to improper handling of HTTP request input data which allows to exfiltrate all data...
CVE-2024-53008
Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...
DEBIAN-CVE-2024-53008
Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...
CVE-2024-53008
Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...
CVE-2024-53008
Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...