34 matches found
CVE-2026-29085
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE in Streaming Helper, the event, id, and retry fields were not validated for carriage return \r or newline \n characters. Because the SSE protocol uses line breaks as...
CVE-2026-29045
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...
CRLF Injection
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to CRLF Injection via the setCookie utility. An attacker can inject unauthorized cookie attributes by supplying specially crafted input containing semicolons, carriage returns, or newline...
CVE-2026-29045
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...
CVE-2026-29085 Hono: SSE Control Field Injection via CR/LF in writeSSE()
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE in Streaming Helper, the event, id, and retry fields were not validated for carriage return \r or newline \n characters. Because the SSE protocol uses line breaks as...
CVE-2026-29045 Hono: Arbitrary file access via serveStatic vulnerability
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...
CVE-2026-29045 Hono: Arbitrary file access via serveStatic vulnerability
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...
PT-2026-23077
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.4 Description The setCookie utility did not properly validate semicolons ;, carriage returns r, or newline characters in the domain and path options when creating the Set-Cookie header. Because cookie attributes are...
Hono 注入漏洞
Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.4 had an injection vulnerability. This vulnerability stemmed from the streamSSE function not verifying carriage returns or line feeds in event, ID, and retry fields, which could lead to the...
Hono 安全漏洞
Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.4 contained security vulnerabilities. These vulnerabilities stemmed from the setCookie tool, which did not validate the semicolons, line breaks, or newlines in the domain and path parameters when...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001276)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001276 advisory. drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service NULL pointer dereference and system crash or possibly hav...
Linux Distros Unpatched Vulnerability : CVE-2017-10663
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sanitycheckckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gai...
PT-2025-34: Privilege escalation from host to domain admin in FreeIPA
The vulnerability was identified in FreeIPA, versions to 4.12.4. The discovered vulnerability allows an attacker to retrieve a Kerberos ticket for domain admin. The vulnerability allows an attacker to access and exfiltrate sensitive data. Vulnerability status: Confirmed by vendor Date of...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.4 security update
Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...
SUSE CVE-2020-10760
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba...
SUSE: Security Advisory (SUSE-SU-2020:3413-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3308
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors...
Xen Security Vulnerabilities
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen 4.12....
SUSE SLES12 Security Update : xen (SUSE-SU-2020:3414-1)
This update for xen fixes the following issues : Security issue fixed : CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 bsc1178591. Non-security issues fixed : Updated to Xen 4.12.4 bug fix release bsc1027519. Fixed a panic during MSI cleanup on AMD...
SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:3413-1)
This update for xen fixes the following issues : Security issue fixed : CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 bsc1178591. Non-security issues fixed : Updated to Xen 4.12.4 bug fix release bsc1027519. Fixed a panic during MSI cleanup on AMD...