CLSA-2025-1737153996 squid34: Fix of CVE-2024-25617

CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...

PT-2025-3014 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.2.0 through 7.6.0 FortiProxy versions 7.2.0 through 7.4.5 Description: The issue is related to an improper neutralization of crlf sequences in http headers, also known as 'http response splitting'. This allows an...

DEBIAN-CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

USN-7190-1 tinyproxy vulnerability

It was discovered that Tinyproxy did not properly manage memory during the parsing of HTTP connection headers. An attacker could use this issue to cause a DoS or possibly execute arbitrary code...

GHSA-GGWQ-XC72-33R3 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

Reflected XSS at /lgslfiles/lgsllist.php Description: Vulnerability: A reflected XSS vulnerability exists in the Referer HTTP header of LGSL v6.2.1. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When...

LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

Reflected XSS at /lgslfiles/lgsllist.php Description: Vulnerability: A reflected XSS vulnerability exists in the Referer HTTP header of LGSL v6.2.1. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When...

CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...

NETGEAR R6900P/R7000P Buffer Overflow Vulnerability

The NETGEAR R6900P and R7000P are wireless routers from NETGEAR that provide high-speed Internet connectivity and network management capabilities. The NETGEAR R6900P and R7000P suffer from a buffer overflow vulnerability that stems from the sub16C4C function in the HTTP Header Handler component...

CVE-2024-12988

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The...

CVE-2024-12988 Netgear R6900P/R7000P HTTP Header sub_16C4C buffer overflow

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The...

CVE-2024-12988

Netgear R6900P/R7000P (1.3.3.154) are affected by CVE-2024-12988 in the HTTP Header Handler, sub_16C4C. The Host parameter is mishandled, causing a buffer overflow that can be exploited remotely; public exploit exists. These devices are no longer supported by the maintainer. Remediation/public pa...

CVE-2024-12988 Netgear R6900P/R7000P HTTP Header sub_16C4C buffer overflow

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The...

CVE-2024-51464 IBM i authentication bypass

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i...

CVE-2024-51464 IBM i authentication bypass

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i...

CVE-2024-51464

IBM i versions 7.3, 7.4, and 7.5 are affected by CVE-2024-51464, a vulnerability that allows bypassing Navigator for i interface restrictions. An authenticated attacker can send a specially crafted request to remotely perform actions the user is not allowed to perform through Navigator for i. The...

Important: libsoup

Issue Overview: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 GNOME libsoup...