2742 matches found
USN-7490-3 libsoup3 vulnerabilities
USN-7490-1 fixed vulnerabilities in libsoup2.4. This update provides the corresponding updates for libsoup3. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a malicious...
Cisco IOS and Cisco IOS XE Security Vulnerability
Cisco IOS and Cisco IOS XE are both products of Cisco, Inc. Cisco IOS is a suite of operating systems developed for its network devices. Cisco IOS XE is a single operating system. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE...
Bosch Rexroth ctrlX OS Security Vulnerability
Bosch Rexroth ctrlX OS is a Linux-based real-time operating system from Bosch Rexroth, an open control platform designed for industrial automation equipment. A security vulnerability exists in Bosch Rexroth ctrlX OS, which originates from a specially crafted HTTP request in the certificate and ke...
Important: runc
Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...
php: Configuring a proxy in a stream context might allow for CRLF injection in URIs
A flaw was found in PHP. In affected versions of PHP, when using streams with a configured proxy and the "request_fulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...
The vulnerability of TOTOLINK N150RT router firmware, related to copying buffers without checking the size of input data, allows a hacker to execute arbitrary code.
The vulnerability of TOTOLINK N150RT router firmware lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted POST request...
Zyxel AMG1302-T10B Security Vulnerability
The Zyxel AMG1302-T10B is an integrated wireless ADSL2+ router from Zyxel China. A security vulnerability exists in the Zyxel AMG1302-T10B version 2.00AAJC.16C0, which originates from a specially crafted HTTP request that results in path traversal and possible access to a restricted directory...
WebServer Injection Vulnerability
WebServer is a C++ Linux WebServer server by MARK Individual Developers. An injection vulnerability exists in WebServer version 1.0, which originates from SQL injection due to manipulation of the username/password parameters by the Registration component in file code/http/httprequest.cpp...
CVE-2024-58249
In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...
CVE-2024-58249
In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL...
UBUNTU-CVE-2024-58249
In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a heap buffer overflow vulnerability that an attacker can exploit by tricking a user into parsing a specially crafted web request, crashing the application or executing arbitrary...
UBUNTU-CVE-2025-32906
A flaw was found in libsoup, where the soup_headers_parse_request function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...
HTTP Request Smuggling
Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling when processing queries. An attacker can smuggle another query packet into the connection stream by using large, uncompressed, malicious external data. Note: This is only exploitable if the attacker controls the...
CVE-2024-51461
IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources...
Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI
Exchange Server and SharePoint Server are business-critical assets and considered crown jewels for many organizations, making them attractive targets for attacks. To help customers protect their environments and respond to these attacks, Exchange Server and SharePoint Server now integrate with th...
The vulnerability of the Go programming language's net/http package, related to deficiencies in HTTP request processing, allows attackers to execute arbitrary code.
The vulnerability of the net/http package in the Go programming language is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Google Chrome Input Validation Error Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an input validation error vulnerability, which stems from an improper implementation in Intents, that can be exploited by an attacker to submit a special Web request that can be elevated in privilege by...
Malicious code in @hongfangze/http-request (npm)
Source: ghsa-malware 329e7512b9a53734a0d6d5318623dd66ecc2b6294c46e8418bd5d888ad31eb69. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...