CVE-2024-49768 Waitress has request processing race condition in HTTP pipelining with invalid first request

Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more requests, and when the...

CVE-2024-49768

CVE-2024-49768 (Waitress) : A race condition in HTTP pipelining with request lookahead can cause a mismanaged second request while the first is being processed. Waitress 3.0.1 fixes the race; as a workaround, disable channel_request_lookahead (default 0). Public advisories reference exposure in I...

The vulnerability of the Manage Bank Statement Handler component of the SAP S/4HANA software platform allows a malicious individual to gain access to modify or delete files.

The vulnerability of the Manage Bank Statement Handler component in the SAP S/4HANA software platform is related to the absence of a mechanism to prevent unintended modifications to resources during request processing. Exploiting this vulnerability could allow an attacker to gain access to modify...

The vulnerability of the aiohttp HTTP client, related to deficiencies in HTTP request processing, allows attackers to execute the “HTTP request hijacking” attack.

The vulnerability of the aiohttp HTTP client is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute an “HTTP request hijacking” attack...

ROS-20240820-06

The aiohttp HTTP client vulnerability is related to flaws in HTTP request processing. Exploitation of the vulnerability could allow an attacker acting remotely to perform an "HTTP request smuggling" attack...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that originates from a problem or error in the server that prevents it from processing requests or providing services properly...

kernel: RDMA/siw: Fix connection failure handling

A NULL dereference vulnerability was found in the Linux kernel, which is caused when the siwcmworkhandler function attempts to dereference a NULL listener that may be created when immediate MPA request processing fails and the newly created endpoint unlinks the listening endpoint ready to be...

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory processes, related to the failure to protect the SQL query structure, allows attackers to disclose protected information.

The vulnerability of the GLPI system’s request, incident, and inventory management functions is related to the failure to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose the protected information...

The vulnerability of the WSGI-server Gunicorn, related to defects in HTTP request processing, allows attackers to circumvent existing security restrictions and execute a “HTTP request hijacking” attack.

The vulnerability of the WSGI-server Gunicorn is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and carry out an “HTTP request hijacking” attack...

The vulnerability of Windows operating system DNS servers, which allows a hacker to execute arbitrary code

The vulnerability of DNS servers for Windows operating systems relates to the use of memory after it is freed during request processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2023-41230

D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this...

CVE-2023-41230

The CVE-2023-41230 issue affects D-Link DIR-3040 routers. The vulnerable component is prog.cgi serving HNAP requests on lighttpd (ports 80/443). Root-context code execution arises from a stack-based buffer overflow caused by copying an unchecked user-supplied string into a fixed-size local buffer...

CVE-2023-41230 D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this...

CVE-2023-41229

The CVE-2023-41229 issue affects the D-Link DIR-3040 router. A heap-based buffer overflow in the prog.cgi handler for HNAP requests processed by the lighttpd webserver (ports 80/443) arises from inadequate validation of a user-supplied string, enabling an attacker with network proximity to execut...

CVE-2023-41229 D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this...

D-Link DIR-3040 安全漏洞

The D-Link DIR-3040 is a router from China-based AUO D-Link. It provides the function of connecting to the network. A security vulnerability exists in the D-Link DIR-3040 that stems from a HTTP request processing reference heap-based buffer overflow remote code execution vulnerability...

D-Link DIR-3040 安全漏洞

The D-Link DIR-3040 is a router from China-based AUO D-Link. It provides the function of connecting to the network. A security vulnerability exists in the D-Link DIR-3040 that stems from a HTTP request processing reference stack based buffer overflow remote code execution vulnerability...

ROS-20240404-17

Vulnerability in the SMTP protocol implementation of Exim mail server is related to operation out of buffer boundaries in memory during request processing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. remotely to execute arbitrary code...

nodejs:16 security update

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

BIT-ENVOY-2021-43825 Use-after-free in Envoy

Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered dat...