
16589 matches found

CVE
added 2024/11/04 12:00 a.m., 60 views

CVE-2024-34883

CVE-2024-34883 affects 1C-Bitrix Bitrix24 v23.300.100. The vulnerability arises from insufficient protection of credentials in the DAV server settings, enabling remote administrators to read proxy-server account passwords via an HTTP GET request. Impact is confidentiality: high. Exploitation deta...

CVSS: 6.8, AI score: 6.6, EPSS: 0.00374
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2024/11/01 5:15 p.m., 19 views

CVE-2024-48352

Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID...

CVSS: 7.5, EPSS: 0.00472
Exploits: 0, References: 2

Cvelist
added 2024/11/01 12:00 a.m., 22 views

CVE-2024-48352

Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID...

EPSS: 0.00472
Exploits: 0, References: 2

CVE
added 2024/11/01 12:00 a.m., 56 views

CVE-2024-48352

Yealink Meeting Server (YMS) prior to version 26.0.0.67 is vulnerable to sensitive data exposure in server responses when an HTTP request with an enterprise ID is sent. The CVE-2024-48352 entry details a high-severity issue (CVSSv3.1 7.5) with network vector, low attack complexity, and no privile...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00472
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2024/11/01 12:00 a.m., 12 views

CVE-2024-48352

Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID...

AI score: 7, EPSS: 0.00472
Exploits: 0, References: 2

NVD
added 2024/10/31 8:15 p.m., 25 views

CVE-2024-39720

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...

CVSS: 8.2, EPSS: 0.02479
Exploits: 1, References: 2

OSV
added 2024/10/31 8:15 p.m., 11 views

CVE-2024-39720

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...

CVSS: 8.2, AI score: 8.2
Exploits: 0, References: 2

OSV
added 2024/10/31 12:30 a.m., 14 views

GHSA-CHGM-7R52-WHJJ Hashicorp Consul Path Traversal vulnerability

A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

CVSS: 8.6, AI score: 6.5, EPSS: 0.00725
Exploits: 0, References: 7

Japan Vulnerability Notes
added 2024/10/31 12:00 a.m., 15 views

JVN#87770340: Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Web Image Monitor provided by Ricoh Company, Ltd. is a web server included in and running on laser printers and MFPs (multifunction printers). Web Image Monitor contains a stack-based buffer overflow vulnerability (CWE-121) due to inappropriate parsing of HTTP requests. Impact: Receiving a specially...

CVSS: 7.7, AI score: 8.1, EPSS: 0.00703
Exploits: 0

Amazon
added 2024/10/31 12:00 a.m., 3 views

Important: ruby3.2

Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...

AI score: 6.9, EPSS: 0.00395
Exploits: 0

Amazon
added 2024/10/31 12:00 a.m., 7 views

Important: ruby3.2

Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...

AI score: 7.2, EPSS: 0.00395
Exploits: 0

Vulnrichment
added 2024/10/31 12:00 a.m., 18 views

CVE-2024-39721

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely even after the HTTP request is aborted...

AI score: 6.7, EPSS: 0.02683
Exploits: 1, References: 3

Cvelist
added 2024/10/31 12:00 a.m., 22 views

CVE-2024-39721

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely even after the HTTP request is aborted...

EPSS: 0.02683
Exploits: 1, References: 3

CVE
added 2024/10/31 12:00 a.m., 112 views

CVE-2024-39720

CVE-2024-39720 affects Ollama prior to 0.1.46. An attacker can craft and send two HTTP requests to upload a malformed GGUF file (4 bytes) beginning with the GGUF header, using a malicious Modelfile that FROM-references an attacker-controlled blob file. This triggers a crash in the CreateModel rou...

CVSS: 8.2, AI score: 7, EPSS: 0.02479
Exploits: 1, References: 2, Affected Software: 1

Tenable Nessus
added 2024/10/31 12:00 a.m., 11 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2024-743)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-743 advisory. An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., GET /admin...

AI score: 6.9, EPSS: 0.00395
Exploits: 0, References: 4

NVD
added 2024/10/30 10:15 p.m., 25 views

CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

CVSS: 8.1, EPSS: 0.00725
Exploits: 0, References: 2

Vulnrichment
added 2024/10/30 9:19 p.m., 15 views

CVE-2024-10005 Consul L7 Intentions Vulnerable To URL Path Bypass

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

CVSS: 8.1, AI score: 7, EPSS: 0.00725
Exploits: 0, References: 1

CVE
added 2024/10/30 9:19 p.m., 149 views

CVE-2024-10005

CVE-2024-10005 affects Consul and Consul Enterprise. The issue arises from using URL paths in L7 traffic intentions, allowing bypass of HTTP request path-based access rules. Evidence from multiple sources (NVD entry and industry advisories) confirms the vulnerability in Consul’s URL path handling...

CVSS: 8.1, AI score: 6.6, EPSS: 0.00725
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2024/10/30 2:15 p.m., 16 views

CVE-2024-33623

A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

CVSS: 7.5, EPSS: 0.11434
Exploits: 1, References: 2

NVD
added 2024/10/30 2:15 p.m., 17 views

CVE-2024-24777

A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability...

CVSS: 8.8, EPSS: 0.07028
Exploits: 1, References: 2