16587 matches found

OSV
added 2024/11/19 4:00 p.m. · 23 views

RLSA-2024:9573 Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security fixes: libsoup: infinite loop while reading websocket data (CVE-2024-52532); libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530). For more details about the security...

CVSS 7.5 · AI score 7.8 · EPSS 0.00933
Exploits 1 · References 3

Rockylinux
added 2024/11/19 4:00 p.m. · 26 views

libsoup security update

An update is available for libsoup. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libsoup packages provide an HTTP client and server library for GNOME...

CVSS 7.5 · AI score 6.8 · EPSS 0.00933
Exploits 1

Veracode
added 2024/11/19 7:54 a.m. · 8 views

HTTP Request Smuggling

io.undertow:undertow-core is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrect parsing of cookies with specific value-delimiting characters, enabling attackers to exfiltrate HttpOnly cookies or spoof additional cookie values...

CVSS 7.4 · AI score 6.6 · EPSS 0.01117
Exploits 0 · References 12 · Affected Software 1

Tenable Nessus
added 2024/11/19 12:00 a.m. · 11 views

RockyLinux 8 : libsoup (RLSA-2024:9573)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9573 advisory: libsoup: infinite loop while reading websocket data (CVE-2024-52532); libsoup: HTTP request smuggling via stripping null bytes from the ends of header names...

CVSS 7.5 · AI score 7 · EPSS 0.00933
Exploits 1 · References 5

BDU FSTEC
added 2024/11/19 12:00 a.m. · 3 views

A vulnerability in the ap_mode.cgi script of the firmware of the NETGEAR R8500, XR300, R7000P, and R6400 v2 routers allows an attacker to cause a denial of service.

The vulnerability in the apmode.cgi script of the firmware of NETGEAR routers such as the R8500, XR300, R7000P, and R6400 v2 is a buffer overflow that occurs while processing the apmodedns1pri and apmodedns1sec parameters. Exploiting this vulnerability allows an attacker to...

CVSS 5.7 · AI score 5.9 · EPSS 0.00292
Exploits 0 · References 3 · Affected Software 4

IBM Security Bulletins
added 2024/11/18 9:41 p.m. · 22 views

Security Bulletin: Several Security Vulnerabilities were discovered in IBM Security Directory Suite

Summary: Several security vulnerabilities in IBM Security Directory Integrator and Eclipse Jetty were addressed in IBM Security Directory Suite. Vulnerability details: CVE ID: CVE-2022-32759. Description: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0...

CVSS 9.8 · AI score 8 · EPSS 0.7848
Exploits 5 · Affected Software 1

Snyk
added 2024/11/18 9:02 p.m. · 2 views

HTTP Request Smuggling

Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling due to incorrect parsing of newlines in chunk extensions via the feed_data function. An attacker can bypass firewall or proxy protections by sending specially crafted requests. Note: Exploiting this vulnerability i...

CVSS 8.2 · AI score 7 · EPSS 0.00576
Exploits 0 · References 2
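
The libsoup entries above (null bytes stripped from the ends of header names) and the Snyk entry (newlines inside chunk extensions) are two instances of the same primitive: two hops on the request path frame the same bytes differently, so one of them sees a second request where the other sees body. The following is an added example, not code from libsoup or from the package in the Snyk entry. It implements a small HTTP/1.1 request framer under three policies ("lenient", "verbatim", "strict", all names chosen here) and feeds it two constructed requests; the policy names, the `/admin` smuggled request and the `Host: app` value are assumptions for the demo.

```python
"""Parser-differential demo for the request-smuggling entries above.

Added example, not code from libsoup or from the package in the Snyk entry.
parse_request() reads one HTTP/1.1 request from a byte buffer under a policy:
  "lenient"  : strips trailing NUL bytes from header names and accepts a bare
               LF as a line terminator (the two bug classes described above);
  "verbatim" : keeps header names as sent and ends lines only at CRLF, so
               'Content-Length\\x00' is just an unknown header and a chunk
               extension is opaque up to the CRLF (a conservative proxy);
  "strict"   : rejects anything outside the RFC 9110/9112 grammar.
Two hops applying different policies disagree on where the message ends
(body vs. leftover); that is the smuggling primitive.  Request bytes are
constructed here.
"""
from dataclasses import dataclass

CRLF = b"\r\n"
TOKEN_CHARS = frozenset(b"!#$%&'*+-.^_`|~0123456789"
                        b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")


class ParseError(ValueError):
    pass


@dataclass
class Parsed:
    start_line: bytes
    headers: list      # [(name, value)] with names lower-cased
    body: bytes
    leftover: bytes    # bytes after this message, i.e. the "next request"


def _read_line(buf, pos, policy):
    """Return (line, next_pos) with the terminator removed."""
    if policy == "lenient":
        end = buf.find(b"\n", pos)
        if end < 0:
            raise ParseError("truncated line")
        line = buf[pos:end]
        return (line[:-1] if line.endswith(b"\r") else line), end + 1
    end = buf.find(CRLF, pos)
    if end < 0:
        raise ParseError("truncated line")
    line = buf[pos:end]
    if policy == "strict" and (b"\r" in line or b"\n" in line):
        raise ParseError("bare CR/LF inside a line")
    return line, end + 2


def _field_name(raw, policy):
    if policy == "lenient":
        raw = raw.rstrip(b"\x00")          # 'Content-Length\x00' -> Content-Length
    elif policy == "strict" and (not raw or any(c not in TOKEN_CHARS for c in raw)):
        raise ParseError(f"invalid field-name {raw!r}")
    return raw.lower()


def _decode_chunked(buf, pos, policy):
    body = b""
    while True:
        line, pos = _read_line(buf, pos, policy)
        size = int(line.split(b";", 1)[0].strip(), 16)   # chunk-ext after ';' ignored
        if size == 0:                                     # last-chunk, then trailers
            while True:
                line, pos = _read_line(buf, pos, policy)
                if not line:
                    return body, pos
        if buf[pos + size:pos + size + 2] != CRLF:
            raise ParseError("chunk data not followed by CRLF")
        body += buf[pos:pos + size]
        pos += size + 2


def parse_request(buf, policy):
    start, pos = _read_line(buf, 0, policy)
    headers = []
    while True:
        line, pos = _read_line(buf, pos, policy)
        if not line:
            break
        name, sep, value = line.partition(b":")
        if not sep:
            raise ParseError("header line without ':'")
        headers.append((_field_name(name, policy), value.strip()))
    hmap = dict(headers)
    if hmap.get(b"transfer-encoding", b"").lower() == b"chunked":
        body, pos = _decode_chunked(buf, pos, policy)
    else:
        n = int(hmap.get(b"content-length", b"0"))
        if pos + n > len(buf):
            raise ParseError("truncated body")
        body, pos = buf[pos:pos + n], pos + n
    return Parsed(start, headers, body, buf[pos:])


def framing(buf, policy):
    """(body, leftover) as seen under `policy`, or None if it rejects the request."""
    try:
        p = parse_request(buf, policy)
        return p.body, p.leftover
    except ParseError:
        return None


# Constructed payloads: each hides a second request where one policy sees body
# bytes and another sees the start of the next message.
SMUGGLED = b"GET /admin HTTP/1.1\r\n\r\n"
NUL_NAME_REQ = (b"POST / HTTP/1.1\r\nHost: app\r\n"
                b"Content-Length\x00: %d\r\n\r\n" % len(SMUGGLED) + SMUGGLED)
CHUNK_EXT_REQ = (b"POST / HTTP/1.1\r\nHost: app\r\nTransfer-Encoding: chunked\r\n\r\n"
                 b"0;ext\n\n" + SMUGGLED)

if __name__ == "__main__":
    for label, req in (("NUL in field-name", NUL_NAME_REQ), ("LF in chunk-ext", CHUNK_EXT_REQ)):
        for policy in ("lenient", "verbatim", "strict"):
            print(f"{label:18} {policy:9} {framing(req, policy)}")
```

For the NUL request the lenient hop swallows the `GET /admin` bytes as body while the verbatim hop treats them as a second request; for the chunked request it is the other way round, because the lenient hop ends the chunk-size line at the bare LF and the verbatim hop treats everything up to the CRLF as chunk extension. Which side is lenient decides whether the hidden request escapes a front-end's access control or poisons a back-end connection, but in both cases only the strict policy, which refuses the request outright, closes the hole.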

OSV
added 2024/11/18 8:01 p.m. · 10 views

GHSA-7CC9-J4MV-VCJP XXE in PHPSpreadsheet's XLSX reader

Summary: The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass than the previously reported CVE-2024-47873: the regexes in the findCharSet method, which is used to determine the current encoding, can be bypassed by using a payload in the...

CVSS 7.5 · AI score 7.5 · EPSS 0.00718
Exploits 1 · References 5

Github Security Blog
added 2024/11/18 8:01 p.m. · 275 views

XXE in PHPSpreadsheet's XLSX reader

Summary: The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass than the previously reported CVE-2024-47873: the regexes in the findCharSet method, which is used to determine the current encoding, can be bypassed by using a payload in the...

CVSS 7.5 · AI score 7.5 · EPSS 0.00718
Exploits 1 · References 5 · Affected Software 2
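
The PHPSpreadsheet entries above describe a pre-scan that decides on the document's encoding with a regex before looking for a DTD, and a payload that makes that decision wrong. The following is an added example, not PHPSpreadsheet's code, and it does not reproduce the advisory's payload (which the summary truncates); it shows the class with one constructed instance, a UTF-16 document with a byte-order mark, where a byte-oriented regex scanner sees no DOCTYPE but the XML parser does. The function names and the `file:///etc/hostname` entity target are assumptions for the demo.

```python
"""Encoding-detection bypass of a regex XXE pre-scan (added example, not
PHPSpreadsheet's code; the payload is constructed and illustrates the class,
not the advisory's exact bypass).

naive_is_safe() sniffs the charset with a regex over the raw bytes, decodes,
and greps for a DTD.  A UTF-16 document with a BOM has a NUL after every ASCII
byte, so neither regex matches and it is waved through; a real XML parser
decodes it and honours the DOCTYPE.  hardened_is_safe() lets the parser do the
decoding and vetoes any DOCTYPE before an entity can be declared.
"""
import re
from xml.parsers import expat

_CHARSET_RE = re.compile(rb'encoding="([A-Za-z0-9._-]+)"')
_DTD_RE = re.compile(rb"<!(DOCTYPE|ENTITY)", re.IGNORECASE)


def naive_is_safe(data: bytes) -> bool:
    m = _CHARSET_RE.search(data)
    charset = m.group(1).decode("ascii") if m else "utf-8"
    try:
        text = data.decode(charset)
    except (LookupError, UnicodeDecodeError):
        text = data.decode("utf-8", errors="ignore")   # lossy fallback: the hole
    return _DTD_RE.search(text.encode("utf-8")) is None


class DtdRejected(ValueError):
    pass


def hardened_is_safe(data: bytes) -> bool:
    """Reject any document carrying a DOCTYPE, using expat's own encoding detection."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdRejected(f"DOCTYPE {name!r} not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = lambda *args: 0   # belt and braces: never fetch
    try:
        parser.Parse(data, True)
    except (DtdRejected, expat.ExpatError):
        return False                       # malformed XML is not handed on either
    return True


# Constructed documents.
XXE_UTF8 = (b'<?xml version="1.0"?>\n'
            b'<!DOCTYPE d [<!ENTITY xxe SYSTEM "file:///etc/hostname">]>\n'
            b'<d>&xxe;</d>')
XXE_UTF16 = XXE_UTF8.decode("ascii").encode("utf-16")   # BOM + UTF-16, same content
BENIGN = b'<?xml version="1.0" encoding="UTF-8"?><d>hello</d>'

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe utf-8", XXE_UTF8), ("xxe utf-16", XXE_UTF16)):
        print(f"{label:11} naive={naive_is_safe(doc)!s:5} hardened={hardened_is_safe(doc)}")
```

The point is not the particular encoding trick: any gap between what the scanner believes the bytes mean and what the parser will make of them is a bypass. Refusing DTDs inside the parser removes the guessing step altogether.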

NVD
added 2024/11/18 6:15 p.m. · 33 views

CVE-2023-49952

Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...

CVSS 7.5 · EPSS 0.00458
Exploits 0 · References 2

NVD
added 2024/11/18 4:15 p.m. · 11 views

CVE-2021-1465

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...

CVSS 4.3 · EPSS 0.01132
Exploits 0 · References 1

Cvelist
added 2024/11/18 3:36 p.m. · 13 views

CVE-2021-1425 Cisco Cisco Email Security Appliance and Content Security Management Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is bei...

CVSS 4.3 · EPSS 0.00523
Exploits 0 · References 1

NVD
added 2024/11/18 6:15 a.m. · 15 views

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

CVSS 5.4 · EPSS 0.00343
Exploits 0 · References 1

NVD
added 2024/11/18 6:15 a.m. · 13 views

CVE-2024-52943

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user...

CVSS 5.4 · EPSS 0.01076
Exploits 0 · References 1

NVD
added 2024/11/18 6:15 a.m. · 8 views

CVE-2024-52941

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user...

CVSS 5.4 · EPSS 0.00335
Exploits 0 · References 1

Vulnrichment
added 2024/11/18 12:00 a.m. · 8 views

CVE-2024-52943

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user...

CVSS 5.4 · AI score 5.8 · EPSS 0.01076
Exploits 0 · References 1

Cvelist
added 2024/11/18 12:00 a.m. · 14 views

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

CVSS 5.4 · EPSS 0.00343
Exploits 0 · References 1

Cvelist
added 2024/11/18 12:00 a.m. · 14 views

CVE-2024-52942

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user...

CVSS 5.4 · EPSS 0.00343
Exploits 0 · References 1

Vulnrichment
added 2024/11/18 12:00 a.m. · 10 views

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

CVSS 5.4 · AI score 6.2 · EPSS 0.00343
Exploits 0 · References 1

Positive Technologies
added 2024/11/18 12:00 a.m. · 5 views

PT-2024-13840 · Mastodon · Mastodon

Name of the vulnerable software and affected versions: Mastodon versions 4.1.x through 4.1.16; Mastodon versions 4.2.x through 4.2.8. Description: The issue allows a bypass of rate limiting via a crafted HTTP request header. This means that an attacker can send a specially designed HTTP request...

CVSS 7.5 · AI score 6.2 · EPSS 0.00458
Exploits 0 · References 10
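
The Mastodon entries above (CVE-2023-49952) say only that a crafted request header bypasses rate limiting; they do not name the header. The following is an added example, not Mastodon's code, of the usual shape of that bug class: a limiter that keys on a client identity taken from a header the client can write. The choice of X-Forwarded-For, the trusted-proxy range 10.0.0.0/8, the window and limit, and all traffic below are assumptions constructed for the demo.

```python
"""Rate limiting keyed on a client-supplied header (added example, not
Mastodon's code; the header, proxy range and traffic are assumed/constructed).

naive_key() trusts the first X-Forwarded-For value, so a client talking to the
app directly can present a fresh identity on every request.  hardened_key()
consults the header only when the TCP peer is a trusted proxy, and then takes
the right-most address that is not itself a trusted proxy, i.e. the hop the
proxy actually saw, regardless of what the client prepended.
"""
import ipaddress

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]   # assumed deployment


def _is_trusted(ip: str) -> bool:
    try:
        return any(ipaddress.ip_address(ip) in net for net in TRUSTED_PROXIES)
    except ValueError:
        return False                        # garbage in the header is never trusted


def naive_key(peer_ip: str, headers: dict) -> str:
    xff = headers.get("x-forwarded-for")
    return xff.split(",")[0].strip() if xff else peer_ip


def hardened_key(peer_ip: str, headers: dict) -> str:
    if not _is_trusted(peer_ip):
        return peer_ip                      # header came straight from the client
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not _is_trusted(hop):
            return hop
    return peer_ip


class FixedWindowLimiter:
    """At most `limit` requests per key in any `window`-second fixed window."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self._buckets = {}                  # key -> (window_start, count)

    def allow(self, key: str, now: float) -> bool:
        start, count = self._buckets.get(key, (now, 0))
        if now - start >= self.window:
            start, count = now, 0
        count += 1
        self._buckets[key] = (start, count)
        return count <= self.limit


def allowed_count(key_fn, requests, limit=5, window=60.0) -> int:
    """requests: (timestamp, peer_ip, headers) tuples. Returns how many get through."""
    limiter = FixedWindowLimiter(limit, window)
    return sum(limiter.allow(key_fn(peer, hdrs), t) for t, peer, hdrs in requests)


# Constructed traffic, 30 requests inside one window each.
ATTACK_DIRECT = [(i, "203.0.113.7", {"x-forwarded-for": f"198.51.100.{i}"})
                 for i in range(30)]
ATTACK_VIA_PROXY = [(i, "10.0.0.1", {"x-forwarded-for": f"198.51.100.{i}, 203.0.113.7"})
                    for i in range(30)]
HONEST = [(i, "10.0.0.1", {"x-forwarded-for": f"192.0.2.{i % 2}"}) for i in range(8)]

if __name__ == "__main__":
    for label, traffic in (("direct", ATTACK_DIRECT), ("via proxy", ATTACK_VIA_PROXY), ("honest", HONEST)):
        print(f"{label:10} naive={allowed_count(naive_key, traffic):2} "
              f"hardened={allowed_count(hardened_key, traffic):2}")
```

With the naive key every one of the attacker's 30 requests lands in a fresh bucket, whether it arrives directly or through the proxy; with the hardened key both attack patterns collapse onto the one address the infrastructure can vouch for and stop after the fifth request, while the two honest clients behind the proxy are still told apart.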