Lucene search
K

34 matches found

RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.4 views

CVE-2026-29085

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE in Streaming Helper, the event, id, and retry fields were not validated for carriage return \r or newline \n characters. Because the SSE protocol uses line breaks as...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.3 views

CVE-2026-29045

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...

9.8CVSS5.8AI score0.00437EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/05 2:7 a.m.3 views

CRLF Injection

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to CRLF Injection via the setCookie utility. An attacker can inject unauthorized cookie attributes by supplying specially crafted input containing semicolons, carriage returns, or newline...

6.3CVSS5.8AI score0.00216EPSS
Exploits0References2
NVD
NVD
added 2026/03/04 11:16 p.m.7 views

CVE-2026-29045

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...

9.8CVSS0.00437EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/04 10:9 p.m.28 views

CVE-2026-29085 Hono: SSE Control Field Injection via CR/LF in writeSSE()

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE in Streaming Helper, the event, id, and retry fields were not validated for carriage return \r or newline \n characters. Because the SSE protocol uses line breaks as...

6.5CVSS0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/04 10:9 p.m.24 views

CVE-2026-29045 Hono: Arbitrary file access via serveStatic vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...

7.5CVSS0.00437EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/04 10:9 p.m.4 views

CVE-2026-29045 Hono: Arbitrary file access via serveStatic vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...

7.5CVSS5.8AI score0.00437EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.6 views

PT-2026-23077

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.4 Description The setCookie utility did not properly validate semicolons ;, carriage returns r, or newline characters in the domain and path options when creating the Set-Cookie header. Because cookie attributes are...

5.4CVSS6AI score0.00216EPSS
Exploits0References177
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.7 views

Hono 注入漏洞

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.4 had an injection vulnerability. This vulnerability stemmed from the streamSSE function not verifying carriage returns or line feeds in event, ID, and retry fields, which could lead to the...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.11 views

Hono 安全漏洞

Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.4 contained security vulnerabilities. These vulnerabilities stemmed from the setCookie tool, which did not validate the semicolons, line breaks, or newlines in the domain and path parameters when...

5.4CVSS5.8AI score0.00216EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001276)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001276 advisory. drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service NULL pointer dereference and system crash or possibly hav...

7.8CVSS6.7AI score0.00418EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-10663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sanitycheckckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gai...

7.8CVSS6AI score0.00436EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/16 12:0 a.m.8 views

PT-2025-34: Privilege escalation from host to domain admin in FreeIPA

The vulnerability was identified in FreeIPA, versions to 4.12.4. The discovered vulnerability allows an attacker to retrieve a Kerberos ticket for domain admin. The vulnerability allows an attacker to access and exfiltrate sensitive data. Vulnerability status: Confirmed by vendor Date of...

9.4CVSS7.5AI score0.01827EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2023/02/20 6:30 p.m.33 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.4 security update

Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.2 views

SUSE CVE-2020-10760

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba...

6.5CVSS6.8AI score0.02659EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.14 views

SUSE: Security Advisory (SUSE-SU-2020:3413-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.4CVSS5.7AI score0.00393EPSS
Exploits0References2
OSV
OSV
added 2021/01/26 8:15 p.m.24 views

CVE-2021-3308

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors...

5.5CVSS6.5AI score
Exploits0References4
CNNVD
CNNVD
added 2021/01/26 12:0 a.m.6 views

Xen Security Vulnerabilities

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen 4.12....

5.5CVSS6AI score0.00417EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.29 views

SUSE SLES12 Security Update : xen (SUSE-SU-2020:3414-1)

This update for xen fixes the following issues : Security issue fixed : CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 bsc1178591. Non-security issues fixed : Updated to Xen 4.12.4 bug fix release bsc1027519. Fixed a panic during MSI cleanup on AMD...

4.4CVSS6.3AI score0.00393EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.29 views

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:3413-1)

This update for xen fixes the following issues : Security issue fixed : CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 bsc1178591. Non-security issues fixed : Updated to Xen 4.12.4 bug fix release bsc1027519. Fixed a panic during MSI cleanup on AMD...

4.4CVSS6.3AI score0.00393EPSS
Exploits0References6
Rows per page
Query Builder