
133 matches found

OSV
added 2026/05/16 5:30 p.m., 4 views

CLSA-2026-1778836031 libsoup: Fix of CVE-2026-2708

CVE-2026-2708: reject duplicate Content-Length headers with different values to prevent HTTP request smuggling per RFC 9110 section 7.7...

5.3 CVSS, 5.8 AI score, 0.00038 EPSS
Exploits: 1, References: 1
OSV
added 2026/04/23 10:16 p.m., 0 views

UBUNTU-CVE-2026-2708

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

5.3 CVSS, 5.8 AI score, 0.00038 EPSS
Exploits: 1, References: 2
ATTACKERKB
added 2026/04/23 9:51 p.m., 0 views

CVE-2026-2708

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

3.7 CVSS, 5.7 AI score, 0.00038 EPSS
Exploits: 1, References: 5
Debian CVE
added 2026/04/23 9:51 p.m., 6 views

CVE-2026-2708

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

5.3 CVSS, 5.2 AI score, 0.00038 EPSS
Exploits: 1
OpenVAS
added 2026/03/02 12:0 a.m., 4 views

SUSE: Security Advisory (SUSE-SU-2026:0657-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1 CVSS, 7.1 AI score, 0.00605 EPSS
Exploits: 1, References: 7
Tenable Nessus
added 2026/03/02 12:0 a.m., 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup (SUSE-SU-2026:0690-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0690-1 advisory. - CVE-2025-32049: denial of Service attack to websocket server bsc1240751. - CVE-2026-2369: buff...

9.1 CVSS, 7.3 AI score, 0.00605 EPSS
Exploits: 1, References: 13
OpenVAS
added 2026/03/02 12:0 a.m., 3 views

SUSE: Security Advisory (SUSE-SU-2026:0689-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1 CVSS, 7.1 AI score, 0.00605 EPSS
Exploits: 1, References: 7
OpenVAS
added 2026/03/02 12:0 a.m., 1 views

openSUSE Security Advisory (SUSE-SU-2026:0657-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1 CVSS, 7.1 AI score, 0.00605 EPSS
Exploits: 1, References: 7
OPENSUSE Linux
added 2026/02/25 12:0 a.m., 1 views

libsoup-2_4-1-2.74.3-17.1 on GA media (moderate)

libsoup-2_4-1-2.74.3-17.1 on GA media Announcement ID: openSUSE-SU-2026:10246-1 Rating: moderate Cross-References: CVE-2026-2708 CVSS scores: CVE-2026-2708 SUSE : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CVE-2026-2708 SUSE : 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA...

8.3 CVSS, 5.5 AI score, 0.00038 EPSS
Exploits: 1
Tenable Nessus
added 2026/02/19 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-2708

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common function in libsoup/soup-message-headers.c...

5.3 CVSS, 5.8 AI score, 0.00038 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2026/01/20 12:0 a.m., 1 views

MiracleLinux 8 : libdb-5.3.28-40.el8 (AXSA:2021-1805:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1805:02 advisory. libdb: Denial of service in the Data Store component CVE-2019-2708 Tenable has extracted the preceding description block directly from the MiracleLinux...

3.3 CVSS, 5 AI score, 0.00939 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/16 12:0 a.m., 1 views

MiracleLinux 4 : firefox-38.0-4.0.1.AXS4 (AXSA:2015-141:04)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2015-141:04 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...

7.5 CVSS, 7.8 AI score, 0.07609 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 3: libdb (TSSA-2022:0092)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0092 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

3.3 CVSS, 5.5 AI score, 0.00939 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/05/21 9:34 p.m., 7 views

CVE-2004-2708

Gyach Enhanced Gyach-E before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file...

5 CVSS, 6.8 AI score, 0.00343 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/05/14 12:0 a.m., 6 views

Alibaba Cloud Linux 3 : 0092: libdb (ALINUX3-SA-2022:0092)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0092 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-2708: Vulnerability in the Data Store...

3.3 CVSS, 5.5 AI score, 0.00939 EPSS
Exploits: 0, References: 2
NVD
added 2025/03/24 8:15 p.m., 5 views

CVE-2025-2708

A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/file/upload of the component Backend File Upload Interface. The manipulation of the argument path leads to path traversal. It is possible to...

9.1 CVSS, 0.0017 EPSS
Exploits: 1, References: 4
OSV
added 2025/02/03 9:1 a.m., 1 views

SUSE-SU-2025:20067-1 Security update for libdb-4_8

This update for libdb-4_8 fixes the following issues: CVE-2019-2708: Fixed data store execution leading to partial DoS bsc1174414 Changes: libdb: Data store execution leads to partial DoS Backport the upstream commits: - Fixed several possible crashes when running db_verify on a corrupted database...

3.3 CVSS, 7.4 AI score, 0.00939 EPSS
Exploits: 0, References: 3
OpenVAS
added 2024/10/28 12:0 a.m., 7 views

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-2708)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 7.6 AI score, 0.04197 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2024/07/02 12:0 a.m., 8 views

CBL Mariner 2.0 Security Update: libdb (CVE-2019-2708)

The version of libdb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-2708 advisory. - Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prio...

3.3 CVSS, 5.5 AI score, 0.00939 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2024/05/11 12:0 a.m., 11 views

RHEL 6 : libdb (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libdb: Reads DB_CONFIG from the current working directory CVE-2017-10140 - Vulnerability in the Data Store...

5.1 AI score, 0.00939 EPSS
Exploits: 1, References: 2