CVE-2020-15632

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-waitress) security update

An update for python-waitress is now available for Red Hat OpenStack Platform 16.2 Train for Red Hat Enterprise Linux RHEL 8.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

PT-2025-35250

Name of the Vulnerable Software and Affected Versions CivetWeb versions 1.14 through 1.16 Description A buffer overflow in the URI parser of CivetWeb may allow a remote attacker to achieve remote code execution via a crafted HTTP request. This issue is triggered during request processing and may...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue in SMB request processing in the ksmbd subsystem...

RHEL 9 : OpenShift Container Platform 4.12.70 (RHSA-2024:10535)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10535 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or priva...

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

SUSE-SU-2024:3876-1 Security update for python-waitress

This update for python-waitress fixes the following issues: - CVE-2024-49768: Fixed request processing race condition in HTTP pipelining with invalid first request when lookahead is enabled bsc1232556 - CVE-2024-49769: Fixed incorrect connection clean up leads to a busy-loop and resource exhausti...

CVE-2024-49768 Waitress has request processing race condition in HTTP pipelining with invalid first request

Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more requests, and when the...

CVE-2024-49768

CVE-2024-49768 (Waitress) : A race condition in HTTP pipelining with request lookahead can cause a mismanaged second request while the first is being processed. Waitress 3.0.1 fixes the race; as a workaround, disable channel_request_lookahead (default 0). Public advisories reference exposure in I...

CVE-2024-49768 Waitress has request processing race condition in HTTP pipelining with invalid first request

Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more requests, and when the...

ROS-20240820-06

The aiohttp HTTP client vulnerability is related to flaws in HTTP request processing. Exploitation of the vulnerability could allow an attacker acting remotely to perform an "HTTP request smuggling" attack...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that originates from a problem or error in the server that prevents it from processing requests or providing services properly...

kernel: RDMA/siw: Fix connection failure handling

A NULL dereference vulnerability was found in the Linux kernel, which is caused when the siwcmworkhandler function attempts to dereference a NULL listener that may be created when immediate MPA request processing fails and the newly created endpoint unlinks the listening endpoint ready to be...

CVE-2023-41230

D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this...

CVE-2023-41230

The CVE-2023-41230 issue affects D-Link DIR-3040 routers. The vulnerable component is prog.cgi serving HNAP requests on lighttpd (ports 80/443). Root-context code execution arises from a stack-based buffer overflow caused by copying an unchecked user-supplied string into a fixed-size local buffer...

CVE-2023-41230 D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this...

CVE-2023-41229

The CVE-2023-41229 issue affects the D-Link DIR-3040 router. A heap-based buffer overflow in the prog.cgi handler for HNAP requests processed by the lighttpd webserver (ports 80/443) arises from inadequate validation of a user-supplied string, enabling an attacker with network proximity to execut...

CVE-2023-41229 D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this...

D-Link DIR-3040 安全漏洞

The D-Link DIR-3040 is a router from China-based AUO D-Link. It provides the function of connecting to the network. A security vulnerability exists in the D-Link DIR-3040 that stems from a HTTP request processing reference stack based buffer overflow remote code execution vulnerability...

D-Link DIR-3040 安全漏洞

The D-Link DIR-3040 is a router from China-based AUO D-Link. It provides the function of connecting to the network. A security vulnerability exists in the D-Link DIR-3040 that stems from a HTTP request processing reference heap-based buffer overflow remote code execution vulnerability...