
12 matches found

Github Security Blog
added 2026/03/12 2:47 p.m., 5 views

AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass

VULNERABILITY: HTTP/2 Cleartext h2c Upgrade Authentication Bypass
Severity: CRITICAL
CVSS 3.1: 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287 Improper Authentication
Component: internal/home/web.go
Affected:...

9.8 CVSS, 5.9 AI score, 0.00898 EPSS
Exploits: 2, References: 3, Affected Software: 1
Positive Technologies
added 2025/10/20 12:0 a.m., 2 views

PT-2025-42759

Name of the Vulnerable Software and Affected Versions: libwebsockets (affected versions not specified)
Description: A use-after-free issue exists in the WebSocket server implementation within the lws handshake server function of libwebsockets. This can lead to a denial of service if an attacker...

7.5 CVSS, 6.5 AI score, 0.00075 EPSS
Exploits: 0, References: 16
Citrix
added 2023/07/10 12:0 a.m., 3 views

ADC LB VIP sending Reset with code 9872

1. Application was being accessed through the LB vServer and it was not loading
2. nstrace taken on the ADC showed RST flag:0x014 sent by VIP to the client in response to almost every GET request sent by the client.
3. ADC was sending RST with window size 9872 which means Websocket upgrade request...

7 AI score
Exploits: 0
NVD
added 2022/12/01 5:15 a.m., 8 views

CVE-2022-45045

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...

8.8 CVSS, 0.0106 EPSS
Exploits: 1, References: 1
CVE
added 2022/12/01 12:0 a.m., 240 views

CVE-2022-45045

The CVE-2022-45045 issue affects Xiongmai NVR models such as MBD6304T (V4.02.R11.00000117.10001.131900.00000) and NBD6808T-PL (V4.02.R11.C7431119.12001.130000.00000). It allows an authenticated attacker to execute arbitrary OS commands as root by supplying a crafted JSON during an upgrade request...

8.8 CVSS, 8.8 AI score, 0.0106 EPSS
In wild, Exploits: 1, References: 1, Affected Software: 72
ATTACKERKB
added 2022/12/01 12:0 a.m., 115 views

CVE-2022-45045

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...

8.8 CVSS, 6.4 AI score, 0.0106 EPSS
In wild, Exploits: 1, References: 2
Check Point Advisories
added 2020/03/08 12:0 a.m., 3 views

Digium Asterisk res_http_websocket Denial of Service (CVE-2018-17281)

A denial of service vulnerability exists in Digium Asterisk res_http_websocket. The vulnerability may occur when sending an HTTP Upgrade Request. Successful exploitation of this vulnerability could allow a remote attacker to cause denial of service conditions on the target system...

5 CVSS, 2.7 AI score, 0.80258 EPSS
Exploits: 0
Prion
added 2019/05/13 4:29 p.m., 15 views

Design/Logic Flaw

An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or...

10 CVSS, 9.4 AI score, 0.00426 EPSS
Exploits: 1, References: 1, Affected Software: 1
OpenVAS
added 2019/04/08 12:0 a.m., 77 views

Apache HTTP Server < 2.4.39 mod_http2 DoS Vulnerability - Linux

When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for...

4.9 CVSS, 6 AI score, 0.02193 EPSS
Exploits: 0, References: 1
securityvulns
added 2015/06/01 12:0 a.m., 36 views

ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability

ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability
CVE Identifier: CVE-2015-0540
Severity Rating: CVSSv2 Base Score: 8.0 AV:N/AC:L/Au:S/C:P/I:P/A:C
Affected products:
• EMC Document Sciences xPression 4.2
• EMC Document Sciences...

6.5 CVSS, 0.5 AI score, 0.00267 EPSS
Exploits: 0
Tenable Nessus
added 2013/08/27 12:0 a.m., 36 views

SuSE 11.2 / 11.3 Security Update : Apache2 (SAT Patch Numbers 8137 / 8138)

This collective update for Apache provides the following fixes:
- Make sure that input that has already arrived on the socket is not discarded during a non-blocking read (read(2) returns 0 and errno is set to -EAGAIN). (bnc#815621)
- Close the connection just before an attempted re-negotiation if data...

5.1 CVSS, 7.8 AI score, 0.52396 EPSS
Exploits: 4, References: 8
Positive Technologies
added 2013/05/29 12:0 a.m., 0 views

PT-2013-56: Path Traversal in Huawei SGSN USN9810

The specialists of the Positive Research center have detected a Path Traversal vulnerability in Huawei SGSN USN9810. REPORTDIR parameter allows the use of symbols, which enable going beyond the current directory.
How to fix: Customers can contact the Huawei Technical Assistance Center (TAC) to reque...

5.4 CVSS, 7.2 AI score
Exploits: 0, References: 3