Linux Distros Unpatched Vulnerability : CVE-2020-10719
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the getLanguage and getClassTypeFields functions used by the Asset Publisher configuration UI. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious inp...
ROS-20250819-08
A vulnerability in the Transfer-Encoding and Content-Length headers of the Netty networking software tool is related to a flaw in the interpretation of HTTP requests. Exploitation of the vulnerability could allow an attacker, acting remotely, to impa...
Linux Distros Unpatched Vulnerability : CVE-2020-27221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting...
Linux Distros Unpatched Vulnerability : CVE-2025-4207
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte...
Linux Distros Unpatched Vulnerability : CVE-2016-1000338
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject ext...
Linux Distros Unpatched Vulnerability : CVE-2018-12115
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and...
Linux Distros Unpatched Vulnerability : CVE-2019-16786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall...
Linux Distros Unpatched Vulnerability : CVE-2019-15605
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed CVE-2019-15605 Note that Nessus relies on...
Linux Distros Unpatched Vulnerability : CVE-2018-6076
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack v...
Linux Distros Unpatched Vulnerability : CVE-2022-38143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to...
Linux Distros Unpatched Vulnerability : CVE-2020-7238
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later...
Linux Distros Unpatched Vulnerability : CVE-2019-16789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and...
Linux Distros Unpatched Vulnerability : CVE-2025-53629
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the...
Linux Distros Unpatched Vulnerability : CVE-2021-27918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an...
Linux Distros Unpatched Vulnerability : CVE-2019-20445
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding...
Linux Distros Unpatched Vulnerability : CVE-2020-35655
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...
CLSA-2025-1755270833 Fix CVE(s): CVE-2025-1795
SECURITY UPDATE: incorrect unicode encoding of separating comma in folded address list - debian/patches/CVE-2025-1795.patch: Fix misfolding of comma in address-lists over multiple lines in combination with unicode encoding - CVE-2025-1795...
Linux Distros Unpatched Vulnerability : CVE-2022-3109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc and will cause a null pointe...