
292 matches found

CVE
added yesterday, 11 views

CVE-2026-43974

The CVE concerns the gun_http module of the Erlang-based Gun HTTP client. Affected versions: Gun 2.0.0 up to but not including 2.4.0. Root cause: when a 101 Switching Protocols response arrives over HTTP/1.1, Gun only validates the Upgrade header syntax and the strea...

8.7 CVSS, 5.6 AI score
Exploits: 0, References: 3

EUVD
added yesterday, 5 views

EUVD-2026-35072

Unexpected Status Code or Return Value vulnerability in ninenines gun gun_http module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gun_http:handle_inform/8, when a 101 Switching Protocols response is received over...

8.7 CVSS, 5.6 AI score
Exploits: 0, References: 3

OSV
added yesterday, 3 views

EEF-CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM

Summary: Unexpected Status Code or Return Value vulnerability in ninenines gun gun_http module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gun_http:handle_inform/8, when a 101 Switching Protocols response is receive...

8.7 CVSS, 5.6 AI score
Exploits: 0, References: 2

Fedora
added 2026/05/29 1:28 a.m., 15 views

[SECURITY] Fedora 43 Update: kernel-7.0.10-101.fc43

The kernel meta package...

5.8 AI score
Exploits: 0

AstraLinux
added 2026/05/20 5:53 a.m., 8 views

Astra Linux - vulnerability in chromium

Inappropriate implementations of the Extensions API in Google Chrome prior to version 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data through a crafted Chrome Extension...

4.3 CVSS, 6.1 AI score, 0.00154 EPSS
Exploits: 1, References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 11 views

Astra Linux - vulnerability in chromium

The inappropriate implementation of the HTML parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

4.3 CVSS, 6.2 AI score, 0.00187 EPSS
Exploits: 1, References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in firefox

Firefox’s HTML parser did not correctly interpret HTML comment tags, leading to inconsistencies with other browsers. This vulnerability could have been exploited to embed user-controlled data within HTML comments on pages. This issue affects Firefox versions prior to 101...

6.5 CVSS, 6.8 AI score, 0.00498 EPSS
Exploits: 0, References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in firefox

If array shift operations are not used, the Garbage Collector may become confused regarding valid objects. This vulnerability affects Firefox versions less than 101...

4.3 CVSS, 6.1 AI score, 0.00139 EPSS
Exploits: 0, References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in firefox

Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 100. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploite...

9.8 CVSS, 8.2 AI score, 0.00607 EPSS
Exploits: 0, References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in firefox, thunderbird

Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 100 and Firefox ESR 91.9. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited t...

9.8 CVSS, 8.2 AI score, 0.00657 EPSS
Exploits: 0, References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in firefox, thunderbird

When exiting fullscreen mode, an iframe could mislead the browser regarding the current state of fullscreen, potentially causing confusion for users or leading to spoofing attacks. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

6.5 CVSS, 7.1 AI score, 0.00361 EPSS
Exploits: 0, References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in chromium

Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass the trusted types policy through a crafted HTML page...

6.1 CVSS, 6.7 AI score, 0.00397 EPSS
Exploits: 1, References: 1

Fedora
added 2026/05/08 7:40 p.m., 4 views

[SECURITY] Fedora 42 Update: kernel-6.19.14-101.fc42

The kernel meta package...

8.8 CVSS, 6 AI score, 0.40266 EPSS
Exploits: 31

Tenable Nessus
added 2026/04/14 12:0 a.m., 4 views

Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-101 (ALASECS-2026-101)

The version of ecs-init installed on the remote host is prior to 1.102.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-101 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Un...

9.1 CVSS, 7.4 AI score, 0.00044 EPSS
Exploits: 1, References: 10

OSV
added 2026/03/05 8:55 p.m., 4 views

GHSA-XQ2H-P299-VJWV Pingora vulnerable to HTTP Request Smuggling via Premature Upgrade

Impact Pingora versions prior to 0.8.0 would immediately forward bytes following a request with an Upgrade header to the backend, without waiting for a 101 Switching Protocols response. This allows an attacker to smuggle requests to the backend and bypass proxy-level security controls. This...

9.3 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits: 0, References: 4

EUVD
added 2026/03/04 9:31 a.m., 0 views

EUVD-2026-9367

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDCLogging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is...

5.1 CVSS, 6.2 AI score, 0.00066 EPSS
Exploits: 1, References: 2

NVD
added 2026/03/04 8:16 a.m., 3 views

CVE-2026-28774

An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters such as the pip...

9.3 CVSS, 0.00226 EPSS
Exploits: 1, References: 1

NVD
added 2026/03/04 7:16 a.m., 4 views

CVE-2026-28769

A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...

6.5 CVSS, 0.00546 EPSS
Exploits: 1, References: 1

CVE
added 2026/03/04 7:12 a.m., 11 views

CVE-2026-28772

CVE-2026-28772 describes a Reflected XSS in the IDC SFX Series SuperFlex Satellite Receiver Web Management Interface (version 101) affecting the /IDC_Logging/index.cgi endpoint. The vulnerability arises when the submitType parameter is reflected into the DOM without proper escaping, allowing an at...

6.1 CVSS, 6.2 AI score, 0.00066 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2026/03/04 7:11 a.m., 30 views

CVE-2026-28771 Reflected XSS In /index.cgi Endpoint On IDC Satellite Receiver Web Management Interface Version 101

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The application fails to adequately sanitize user-supplied input provided via the cat...

5.1 CVSS, 0.00066 EPSS
Exploits: 1, References: 1