Lucene search
K

924 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2026/02/11 12:0 a.m.7 views

Security update for libsoup (important)

openSUSE security update: security update for libsoup ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20186-1 Rating: important References: bsc1257440 bsc1257598 Cross-References: CVE-2026-1536 CVE-2026-1761 CVSS scores: CVE-2026-1536 SUSE : 8.6...

9.2CVSS6AI score0.00947EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/02/10 8:17 p.m.15 views

tornado: Tornado Quadratic DoS via Crafted Multipart Parameters

A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/02/10 7:17 p.m.5 views

tornado: Tornado Quadratic DoS via Crafted Multipart Parameters

A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/02/10 6:26 p.m.4 views

tornado: Tornado Quadratic DoS via Crafted Multipart Parameters

A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/02/10 5:54 p.m.3 views

tornado: Tornado Quadratic DoS via Crafted Multipart Parameters

A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References7
OSV
OSV
added 2026/02/06 11:13 a.m.3 views

OPENSUSE-SU-2026:20186-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2026-1536: HTTP header injection or response splitting via CRLF injection in the Content-Disposition header bsc1257440. - CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer...

8.6CVSS6AI score0.00947EPSS
Exploits1References4
OSV
OSV
added 2026/02/06 11:13 a.m.2 views

SUSE-SU-2026:20238-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2026-1536: HTTP header injection or response splitting via CRLF injection in the Content-Disposition header bsc1257440. - CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer...

8.6CVSS6AI score0.00947EPSS
Exploits1References5
OSV
OSV
added 2026/02/06 11:13 a.m.1 views

SUSE-SU-2026:20339-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2026-1536: HTTP header injection or response splitting via CRLF injection in the Content-Disposition header bsc1257440. - CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer...

8.6CVSS6AI score0.00947EPSS
Exploits1References5
OSV
OSV
added 2026/01/28 4:16 p.m.6 views

AZL-76370 CVE-2026-1536 affecting package libsoup for versions less than 3.4.4-12

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

5.8CVSS6.1AI score0.00298EPSS
Exploits1References1
OSV
OSV
added 2026/01/28 4:16 p.m.6 views

AZL-76395 CVE-2026-1536 affecting package libsoup for versions less than 3.0.4-12

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

5.8CVSS5.8AI score0.00298EPSS
Exploits1References1
NVD
NVD
added 2026/01/28 4:16 p.m.8 views

CVE-2026-1536

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

5.8CVSS0.00298EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/01/28 4:16 p.m.4 views

CVE-2026-1536

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

5.8CVSS6AI score0.00298EPSS
Exploits1References3
OSV
OSV
added 2026/01/28 4:16 p.m.6 views

UBUNTU-CVE-2026-1536

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

5.8CVSS6.1AI score0.00298EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/28 3:15 p.m.44 views

CVE-2026-1536 Libsoup: libsoup: http header injection or response splitting via crlf injection in content-disposition header

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

5.8CVSS0.00298EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/28 3:15 p.m.4 views

EUVD-2026-4887

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

5.8CVSS5.9AI score0.00298EPSS
Exploits1References2
CVE
CVE
added 2026/01/28 3:15 p.m.51 views

CVE-2026-1536

CVE-2026-1536 refers to a flaw in the libsoup HTTP library where an attacker able to control the Content-Disposition header input can inject CRLF sequences. This results in arbitrary HTTP header injection or HTTP response splitting without authentication. The connected IBM ACE bulletin documents ...

5.8CVSS5.9AI score0.00298EPSS
Exploits1References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/01/28 3:15 p.m.5 views

CVE-2026-1536

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

5.8CVSS5.9AI score0.00298EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/28 3:15 p.m.4 views

CVE-2026-1536 Libsoup: libsoup: http header injection or response splitting via crlf injection in content-disposition header

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

5.8CVSS5.9AI score0.00298EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/28 3:15 p.m.6 views

CVE-2026-1536

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

5.8CVSS5.9AI score0.00298EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.9 views

LibSoup injection vulnerability

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a vulnerability due to improper control of the Content-Disposition header, which may lead to HTTP header injection or HTTP response splitting...

5.8CVSS6AI score0.00298EPSS
Exploits1References2
Rows per page
Query Builder