10932 matches found
Astra Linux - уязвимость в firefox, thunderbird
Methods AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding, and AppendEncodedCharacters may experience integer overflows, resulting in underallocation of an output buffer and thus causing out-of-bounds write attacks. This vulnerability affects Firefox 124, Firefox ESR 115.9, and...
Astra Linux - уязвимость в netty
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace such as a spaceTransfer-Encoding:chunked line and a later Content-Length header. This issue exists due to an incomplete fix for CVE-2019-16869...
Astra Linux - уязвимость в ffmpeg5
When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, decompress and decode it into the buffer td-rlerawdata of size rlerawsize a...
Astra Linux - уязвимость в squid
Squid is a web proxy cache. Starting from version 3.5.27 and before version 6.8, Squid may be vulnerable to a Denial of Service attack against the HTTP Chunked decoder due to an uncontrolled recursion bug. This issue allows a remote attacker to cause a Denial of Service when sending a crafted,...
Astra Linux - уязвимость в python3.11, python3.7
When an address list is folded, and the separating comma ends up on a folded line that needs to be encoded using Unicode, then the separator itself must also be encoded using Unicode. The expected behavior is that the separating comma remains a plain comma. However, this can lead to the address...
Astra Linux - уязвимость в firefox, thunderbird, chromium, libvpx
A heap buffer overflow occurred in the vp8 encoding process in libvpx within Google Chrome before version 117.0.5938.132. In version 1.13.1 of libvpx, a remote attacker could potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в node-body-parser
body-parser is a Node.js body parsing middleware. body-parser version 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue has...
Astra Linux - уязвимость в zabbix
The HttpRequest object allows you to retrieve the HTTP headers from the server’s response after sending a request. The issue is that the returned strings are created directly from the data sent by the server and are not properly encoded for JavaScript. This enables the creation of internal string...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Do not block the input queue by waiting for the MSC response Currently, the gsmqueue function processes incoming frames. When opening a DLC channel, it calls gsmdlciopen, which in turn calls gsmmodemupdate. If the basi...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: pNFS: Fixed an issue where uninitialized pointers were dereferenced. The error occurs during the third attempt to encode extents. When the function exttreepreparecommit reallocates a larger buffer to retry encoding extents, th...
Improper Access Control
Caddy is vulnerable to Improper Access Control. The vulnerability is due to incorrect case-insensitive matching in the HTTP path request matcher when percent-encoded sequences are present, allowing attackers to alter request path casing and bypass path-based routing or attached access controls...
DEBIAN-CVE-2026-40561
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
CVE-2026-40561
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
CVE-2026-40561
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
CVE-2026-40561 Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
CVE-2026-40561 Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
CVE-2026-40561
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
EUVD-2026-26806
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
CVE-2026-40561
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
Starlet 环境问题漏洞
Starlet is a high-performance HTTP/1.1 pre-fork web server developed by Kazuho Oku. Versions of Starlet prior to 0.31 contained an environmental vulnerability. This vulnerability stemmed from prioritizing the Content-Length header over the Transfer-Encoding header, which could lead to HTTP reques...