K000151740: Ruby vulnerability CVE-2024-47220

Security Advisory Description An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the...

Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities

Summary IBM Security Guardium Insights has addressed the following vulnerabilities Vulnerability Details CVEID:CVE-2020-13949 DESCRIPTION: Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote attacker could exploi...

ROS-20250619-08

The h11 library vulnerability is related to flaws in HTTP request processing. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality and integrity of protected information. of protected information...

Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 For more details about the...

ALSA-2025:9149 Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 For more details about the...

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

Liferay Portal和Liferay DXP 资源管理错误漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

TencentOS Server 3: nodejs:18 (TSSA-2023:0204)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0204 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: squid:4 (TSSA-2023:0289)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0289 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

RHEL 9 : skopeo (RHSA-2025:9065)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9065 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify file...

TencentOS Server 3: nodejs:20 (TSSA-2024:0178)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0178 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: resource-agents (TSSA-2024:0387)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0387 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 4: squid (TSSA-2024:0039)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0039 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: python-gunicorn (TSSA-2024:0663)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0663 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: varnish (TSSA-2022:0265)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0265 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: squid:4 (TSSA-2023:0277)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0277 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: httpd (TSSA-2023:0122)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0122 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 2: libsoup (TSSA-2024:1148)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1148 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 3: httpd (TSSA-2023:0026)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0026 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: httpd (TSSA-2023:0045)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0045 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...