SUSE CVE-2022-28734

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's...

The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business models RV016, RV042, RV042G, RV082, RV320, and RV325 allows a hacker to execute arbitrary commands on the device.

The vulnerability of the web interface for managing microprogrammed software routers from Cisco, such as Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325, is related to insufficient validation of input data during HTTP packet processing. Exploiting this vulnerability allows a...

undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server...

Micrium uC-HTTP 缓冲区错误漏洞

Micrium uC-HTTP is a software from Micrium USA that provides TCP/IP functionality for devices. The software is designed for embedded applications with a compact, reliable, high-performance TCP/IP stack with dual support for IPv4 and IPv6. A security vulnerability exists in Micrium uC-HTTP version...

curl 资源管理错误漏洞

curl is a tool for transferring data from or to a server. A security vulnerability exists in curl, which stems from a problem in error/cleanup handling that could result in a double release if a transfer with a non-HTTPS URL is performed using an HTTP proxy...

Allocation of Resources Without Limits or Throttling

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: An attacker can cause unbounded memory growth in servers accepting HTTP/2 requests. Remediation...

The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to trigger a service failure.

The vulnerability of the Outside In Filters component in Oracle’s software development kit SDK is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure using the HTTP protocol...

The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, arises due to the failure to take measures to eliminate special elements used in the operating system’s command set. This vulnerability allows a perpetrator to execute arbitrary code.

The vulnerability of Fortinet FortiWLM’s WLAN access point and LAN switch management systems exists due to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a...

GHSA-F268-65QC-98VG Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

UBUNTU-CVE-2022-23959

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections...

Apache ShenYu 访问控制错误漏洞

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the Apache Apache Foundation. Apache ShenYu has an Access Control Error vulnerability in versions 2.4.0 and 2.4.1 that stems from a lack of authentication of ShenYu Admin when registering over HTTP. A...

The vulnerabilities of the Transfer-Encoding and Content-Length headers in the Netty network programming framework, related to deficiencies in HTTP request interpretation, allow attackers to compromise data integrity.

The vulnerability of the Transfer-Encoding and Content-Length headers in the Netty network programming framework is related to a lack of proper interpretation of HTTP requests. Exploiting this vulnerability allows an attacker to compromise the integrity of data...

PT-2021-23300 · Tp Link · Tp-Link Ax10V1

Name of the Vulnerable Software and Affected Versions: TP-Link AX10v1 versions prior to V1 211117 Description: A misconfiguration in the HTTP/1.0 and HTTP/1.1 protocols of the web interface allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigur...

undertow: potential security issue in flow control over HTTP/2 may lead to DOS

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability...

Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports

The Mozilla Foundation Security Advisory describes this flaw as: The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on...

USN-5042-1 haproxy vulnerabilities

It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions...

Actix-http 环境问题漏洞

Actix-http is the HTTP primitive for the Actix ecosystem. An environmental issue vulnerability exists in Actix-http that stems from the product's failure to detect HTTP HRS requests, which can be exploited by an attacker to cause a credential disclosure. The following products and versions are...

netty: Request smuggling via content-length header

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

The vulnerability of the Squid proxy server arises from insufficient validation of the data entered by users when sending HTTP request responses. This allows attackers to trigger a service failure.

The vulnerability of the Squid proxy server exists due to insufficient validation of the data entered by users when responding to HTTP requests. Exploiting this vulnerability allows a malicious actor to cause service failures...

The vulnerability of the Management Console component in the Oracle Cloud Infrastructure Storage Gateway allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Management Console component in Oracle Cloud Infrastructure Storage Gateway is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information throu...