3696 matches found

SUSE Linux
added 2025/05/07 12:6 p.m. · 0 views

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skip_insignificant_space when sniffing content (bsc#1240750); CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752); CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown (bsc#1240756)...

8.7 CVSS · 7.4 AI score · 0.00472 EPSS
Exploits 1 · References 32
OSV
added 2025/05/07 12:6 p.m. · 1 views

SUSE-SU-2025:1503-1 Security update for libsoup2

This update for libsoup2 fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in skip_insignificant_space when sniffing content (bsc#1240750) - CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752) - CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown...

7.4 CVSS · 7.2 AI score · 0.00472 EPSS
Exploits 1 · References 17
Tenable Nessus
added 2025/05/07 12:0 a.m. · 7 views

RockyLinux 8 : squid:4 (RLSA-2024:1375)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1375 advisory. squid: denial of service in HTTP header parser (CVE-2024-25617); squid: Denial of Service in HTTP Chunked Decoding (CVE-2024-25111); squid: denial of service i...

8.6 CVSS · 7 AI score · 0.03051 EPSS
Exploits 0 · References 7
NVD
added 2025/05/06 3:16 p.m. · 8 views

CVE-2025-46814

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially...

7.5 CVSS · 0.00234 EPSS
Exploits 1 · References 2
OSV
added 2025/05/06 2:55 p.m. · 4 views

CVE-2025-46814 FastAPI Guard Remote Header Injection via X-Forwarded-For Manipulation

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially...

3.4 CVSS · 7.3 AI score · 0.00234 EPSS
Exploits 1 · References 4
NVD
added 2025/05/06 7:15 a.m. · 8 views

CVE-2025-4328

A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...

5.1 CVSS · 0.00134 EPSS
Exploits 0 · References 4
Vulnrichment
added 2025/05/06 7:0 a.m. · 7 views

CVE-2025-4328 fp2952 spring-cloud-base HTTP Header MvcController.java sendBack redirect

A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...

5.1 CVSS · 4.1 AI score · 0.00134 EPSS
Exploits 0 · References 4
Cvelist
added 2025/05/06 7:0 a.m. · 17 views

CVE-2025-4328 fp2952 spring-cloud-base HTTP Header MvcController.java sendBack redirect

A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...

5.1 CVSS · 0.00134 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/05/06 12:0 a.m. · 4 views

PT-2025-19924 · Unknown · Spring-Cloud-Base

Name of the Vulnerable Software and Affected Versions: spring-cloud-base versions up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa Description: A problem has been declared in the function sendBack of the file...

5.1 CVSS · 3.7 AI score · 0.00134 EPSS
Exploits 0 · References 8
Positive Technologies
added 2025/05/06 12:0 a.m. · 2 views

PT-2025-19983

Name of the Vulnerable Software and Affected Versions: FastAPI Guard versions prior to 2.0.0 Description: An HTTP header injection issue has been identified in FastAPI Guard. By manipulating the X-Forwarded-For header, an attacker can potentially inject arbitrary IP addresses into the request. This...

7.5 CVSS · 7 AI score · 0.00234 EPSS
Exploits 1 · References 7
CNNVD
added 2025/05/06 12:0 a.m. · 1 views

spring-cloud-base security vulnerability

spring-cloud-base is an application by the individual developer fp2952. A security vulnerability exists in spring-cloud-base, which originates in the component HTTP Header Handler in the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/...

5.1 CVSS · 4.8 AI score · 0.00134 EPSS
Exploits 0 · References 4
RedHat Linux
added 2025/05/05 1:24 a.m. · 3 views

libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header

A flaw was found in libsoup, where the soup_message_headers_get_content_disposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

7.5 CVSS · 7.3 AI score · 0.00382 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/05/05 12:0 a.m. · 2 views

PT-2025-28189 · Ооо 'Сегнетикс' · Segnetics Smconfig

A vulnerability in the Segnetics SMConfig system settings configurator is related to the lack of protection of transmitted data. Exploitation of the vulnerability may allow a remote attacker to disclose protected information by reading the Set-Cookie HTTP header...

6.1 CVSS · 7.3 AI score
Exploits 0 · References 1
Positive Technologies
added 2025/04/30 12:0 a.m. · 3 views

PT-2025-18236 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an HTTP Header Injection in the Apache HTTP Server. No specific details about the number of potentially affected devices or real-world incidents are provided...

6.7 AI score
Exploits 0 · References 3
Citrix
added 2025/04/29 12:0 a.m. · 4 views

ADC-13.1-Error "Custom header name is too long" with rewrite action DELETE_HTTP_HEADER in Netscaler

When you want to delete the HTTP header "X-Permitted-Cross-Domain-Policies" with the rewrite action DELETE_HTTP_HEADER, Netscaler prompts this error: "Custom header name is too long"...

7 AI score
Exploits 0
OSV
added 2025/04/23 5:16 p.m. · 2 views

CVE-2025-2767

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exist...

9.6 CVSS · 6.2 AI score · 0.00636 EPSS
Exploits 0 · References 1
IBM Security Bulletins
added 2025/04/18 3:6 p.m. · 7 views

Security Bulletin: IBM i is vulnerable to a host header injection attack due to improper neutralization of HTTP header content by IBM Navigator for i [CVE-2025-2950].

Summary: IBM i is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the...

5.4 CVSS · 6.7 AI score · 0.0011 EPSS
Exploits 0 · Affected Software 5
CVE
added 2025/04/18 2:50 p.m. · 54 views

CVE-2025-2950

IBM i (versions 7.3, 7.4, 7.5, and 7.6) is affected by a host header injection vulnerability due to improper neutralization of HTTP header content in IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to alter the domain/IP, potentially causing unexpected b...

5.4 CVSS · 5.5 AI score · 0.0011 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/04/18 2:50 p.m. · 12 views

CVE-2025-2950 IBM i improper HTTP header neutralization

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior...

5.4 CVSS · 0.0011 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/04/18 2:50 p.m. · 10 views

CVE-2025-2950 IBM i improper HTTP header neutralization

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior...

5.4 CVSS · 6.9 AI score · 0.0011 EPSS
Exploits 0 · References 1