4418 matches found
CVE-2022-22532
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the...
GHSA-F268-65QC-98VG Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...
Mozilla Firefox Buffer Error Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a buffer error vulnerability that exists due to a boundary error when processing HTML content. An attacker could exploit the vulnerability to create a specially crafted web page, trick a victim...
Sensio Labs Twig Code Injection Vulnerability
Sensio Labs Twig is a PHP template engine from the French company Sensio Labs that supports custom tags and filters and the creation of DSLs. Sensio Labs Twig is vulnerable to injection, which can be exploited by attackers to run arbitrary PHP functions...
varnish: HTTP/1 request smuggling vulnerability
A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language (VCL) processing since the Varnish server treats it as an additional request...
undertow: client side invocation timeout raised when calling over HTTP2
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser from Google, Inc. A resource management error vulnerability exists in versions of Google Chrome prior to 98.0.4758.80. A remote attacker could exploit the vulnerability to exploit heap corruption via a carefully crafted HTML page...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A type confusion vulnerability exists in Google Chrome, which can be exploited by remote attackers to potentially exploit heap corruption via crafted HTML pages...
A vulnerability in the TP-Link Archer AX10 router's firmware, related to deficiencies in HTTP request processing, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability in the TP-Link Archer AX10 router's firmware is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely (HTTP Request Smuggling attack)...
Google Chrome Security Feature Issue Vulnerability
Google Chrome is a web browser from Google, Inc. A security feature vulnerability exists in versions of Google Chrome prior to 98.0.4758.80, which can be exploited by remote attackers to bypass navigation restrictions via crafted HTML pages...
UBUNTU-CVE-2022-23959
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections...
PT-2022-16370
Name of the Vulnerable Software and Affected Versions: Varnish Cache versions 6.0.0 through 6.6.1; Varnish Cache 6.0 LTS versions 6.0.0 through 6.0.9; Varnish Cache 7.x versions 7.0.0 through 7.0.1; Varnish Enterprise Cache Plus 4.1.x versions 4.1.0 through 4.1.11r5; Varnish Enterprise Cache Plus 6.0....
Reolink Rlc-410W Input Validation Error Vulnerability
Reolink Rlc-410W is a Wi-Fi security camera from Reolink China. A denial of service vulnerability exists in Reolink RLC-410W, which can be exploited by attackers to cause a reboot via a crafted HTTP request...
Apache ShenYu Access Control Error Vulnerability
Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway of the Apache Foundation. Apache ShenYu has an Access Control Error vulnerability in versions 2.4.0 and 2.4.1 that stems from a lack of authentication of ShenYu Admin when registering over HTTP. A...
The vulnerabilities of the Transfer-Encoding and Content-Length headers in the Netty network programming framework, related to deficiencies in HTTP request interpretation, allow attackers to compromise data integrity.
The vulnerability of the Transfer-Encoding and Content-Length headers in the Netty network programming framework is related to a lack of proper interpretation of HTTP requests. Exploiting this vulnerability allows an attacker to compromise the integrity of data...
The vulnerability of the Netty network programming framework lies in the lack of proper interpretation of HTTP requests, which allows attackers to compromise data integrity.
The vulnerability of the Netty network programming framework is related to a lack of proper interpretation of HTTP requests. Exploiting this vulnerability allows an attacker to compromise data integrity from a remote location...
haproxy: an HTTP method name may contain a space followed by the name of a protected resource
haproxy has an input validation flaw that could allow a remote attacker to bypass implemented security restrictions. An HTTP method name may contain a space followed by the name of a protected resource. Given this, it is possible that a server would interpret this as a request for that protected...
CVE-2022-21373
Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Reseller Locator). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner...