184 matches found
ROS-20240404-17
A vulnerability in the SMTP protocol implementation of the Exim mail server is related to an operation outside buffer boundaries in memory during request processing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
nodejs:16 security update
An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
BIT-ENVOY-2021-43825 Use-after-free in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered dat...
PT-2024-12398 · Fastrpc · Fastrpc
Name of the Vulnerable Software and Affected Versions: FastRPC (affected versions not specified). Description: The issue is related to Information Disclosure while processing IOCTL request in FastRPC. Recommendations: At the moment, there is no information about a newer version that contains a fix f...
CVE-2023-52513 RDMA/siw: Fix connection failure handling
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix connection failure handling. In case immediate MPA request processing fails, the newly created endpoint unlinks the listening endpoint and is ready to be dropped. This special case was not handled correctly by the co...
Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty.
Summary: Due to the use of Eclipse Jetty, Rational Service Tester contains vulnerabilities around request processing that could lead to a potential denial of service attack. Vulnerability Details: CVEID: CVE-2023-36478. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an...
Authorization Bypass
pixelfed/pixelfed is vulnerable to Authorization Bypass. The vulnerability is due to insufficient checks during request processing, allowing attackers to access and potentially modify administrative and moderator functionalities beyond intended user permissions...
Design/Logic Flaw
A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contain...
CVE-2023-6393
CVE-2023-6393 affects the Quarkus Cache Runtime (quarkus-cache). The issue is a potential invalid reuse of context when a Uni cached with @CacheResult reuses the initial completion context, causing the processing to switch to the cached Uni instead of the request context. This can allow a POST re...
CVE-2023-6393
A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contain...
CVE-2023-22382
Weak configuration in Automotive while VM is processing a listener request from TEE...
PT-2023-5832 · D Link · D-Link Dir-3040
Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 (affected versions not specified). Description: The vulnerability is related to a heap-based buffer overflow in the HTTP request processing referer of D-Link DIR-3040 routers. This issue allows network-adjacent attackers to execu...
CVE-2023-26436
Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processin...
ROS-20230620-03
A vulnerability in the HAProxy server software is related to a flaw in HTTP request processing. Exploitation of the vulnerability could allow an attacker acting remotely to carry out an HTTP request smuggling attack...
WordPress Plugin Pinterest Automatic Access Control Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. The WordPress Plugin Pinterest Automatic...
Fixed in Apache Tomcat 11.0.0-M3
Important: Apache Tomcat information disclosure (CVE-2023-28708). When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Tomcat did not include the secure attribute. This could result in th...
K56331254: Apache HTTP server vulnerability CVE-2021-41524
Security Advisory Description: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No...
PT-2023-1414 · Zyxel · Zyxel Gs1915 +4
Name of the Vulnerable Software and Affected Versions: Zyxel GS1920-24v2 firmware versions prior to V4.70ABMH.8C0; Zyxel GS1350, GS1915, GS1920, GS2220 (affected versions not specified). Description: The issue is related to an improper check for unusual or exceptional conditions in the HTTP request...
Apache Traffic Server Code Issue Vulnerability
Apache Traffic Server (ATS) is a suite of scalable HTTP proxy and caching servers from the Apache Foundation in the United States. A code issue vulnerability exists in Apache Traffic Server versions 8.0.0 through 9.1.2 that stems from its handling of requests without checking for exceptions or...
KeySight N6854A and N6841A RF Sensor Insecure Deserialization (CVE-2022-1660)
An insecure deserialization vulnerability exists in KeySight N6854A and N6841A RF Sensor. This vulnerability is due to Java serialization issues when processing requests...